CVE-2024-38797
📋 TL;DR
EDK2's HashPeImageByType() function has an out-of-bounds read vulnerability when processing corrupted data pointers and lengths from adjacent network traffic. This could allow attackers to cause denial of service or potentially compromise system integrity on affected UEFI firmware implementations. Systems using vulnerable EDK2-based firmware are affected.
💻 Affected Systems
- EDK2 (UEFI Development Kit)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
System crash or instability leading to denial of service, with potential for information disclosure or limited code execution in UEFI context.
Likely Case
System instability or crash requiring physical intervention to recover, potentially disrupting boot process.
If Mitigated
Minimal impact with proper network segmentation and firmware protections in place.
🎯 Exploit Status
Requires adjacent network access and ability to send specially crafted network packets to vulnerable system.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 6f5e6e9c or later
Vendor Advisory: https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
Restart Required: Yes
Instructions:
1. Update EDK2 source to commit 6f5e6e9c or later. 2. Rebuild firmware image. 3. Flash updated firmware to affected systems. 4. Consult device manufacturer for vendor-specific firmware updates.
🔧 Temporary Workarounds
Disable network boot if not needed
allDisable PXE/network boot options in UEFI settings to reduce attack surface
Network segmentation
allIsolate management networks and restrict access to UEFI network services
🧯 If You Can't Patch
- Implement strict network segmentation to isolate systems from untrusted networks
- Monitor for unusual network traffic to UEFI/management interfaces
🔍 How to Verify
Check if Vulnerable:
Check EDK2 version/git commit; systems with EDK2 prior to commit 6f5e6e9c are vulnerableCheck Version:
Check UEFI firmware version in system BIOS/UEFI settings or use dmidecode on LinuxVerify Fix Applied:
Verify EDK2 commit includes 6f5e6e9c or check with device manufacturer for firmware update status📡 Detection & Monitoring
Log Indicators:
- Unexpected system reboots
- Firmware/BIOS error logs
- Network boot failures
Network Indicators:
- Unusual PXE/DHCP traffic
- Malformed network packets to UEFI services
SIEM Query:
source="bios_logs" AND (event="crash" OR event="reset") OR dest_port IN (67,68,69) AND packet_size_anomaly