TianoCoreVULNRICHMENT:CVE-2024-1298CVE-2024-1298 Integer Overflow caused by divide by zero during S3 suspension
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*"
],
"vendor": "tianocore",
"product": "edk2",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "edk2-stable202405",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial