TianoCore EDK2
cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*
- <= 202502
A vulnerability in the EDK2 HashPeImageByType function allows for an out-of-bounds read. This issue arises when a corrupted data pointer and length are sent via an adjacent network, potentially leading to a loss of integrity and availability. The vulnerability is present in the SecurityPkg component of EDK2, affecting versions through 202502.
Exploitation of this vulnerability could result in an out-of-bounds read, which may be leveraged to read sensitive information or cause a denial-of-service condition.
The vulnerability has been patched, and the patch is being upstreamed into EDK2. It is expected to be included in the May 2025 stable release.