Edk2
This hub aggregates every CVE we track for Edk2, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 45
- Critical: 1
- High: 25
- In CISA KEV: 0
Severity distribution
- HIGH: 25
- MEDIUM: 18
- LOW: 1
- CRITICAL: 1
Monthly trend
2024-07 to 2026-06 (values in chart order): 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Edk2.
- CVE-2024-38798: Uncleared password keystrokes in circular queue can lead to information disclosure or escalation of privilege (7.0)
- CVE-2025-2486: UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu (8.8)
- CVE-2024-38805: iSCSI Remote Memory Corruption and Denial of Service (6.3)
- CVE-2025-3770: SMM IDT Privilege Escalation Vulnerability (7.0)
- CVE-2024-38797: Out-of-bounds Read in HashPeImageByType() (4.6)
- CVE-2025-2295: Potential iSCSI R2T PDU Vulnerability (3.5)
- CVE-2024-38796: Integer overflow in PeCoffLoaderRelocateImage (5.9)
- CVE-2024-1298: Integer Overflow caused by divide by zero during S3 suspension (6.0)
- CVE-2023-49721: An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. (6.7)
- CVE-2023-48733: An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. (6.7)
- CVE-2023-45234: Buffer Overflow in EDK II Network Package (8.3)
- CVE-2023-45233: Infinite loop in EDK II Network Package (7.5)
- CVE-2023-45232: Infinite loop in EDK II Network Package (7.5)
- CVE-2023-45235: Buffer Overflow in EDK II Network Package (8.3)
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator in EDK II Network Package (5.3)
Product normalization is registry-driven with AI assist and human review.