CVE-2024-1298

Published May 30, 2024

Last updated 5 months ago

CVSS medium 6.0

Overview

Description
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
Source
infosec@edk2.groups.io
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6
Impact score
4
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

infosec@edk2.groups.io
CWE-369

Social media

Hype score
Not currently trending

References