CVE-2024-13745
AI description
CVE-2024-13745 describes an issue in EDK II firmware where the bytes the firmware measures differ from the bytes it actually uses, specifically affecting the PCR measurements that are intended to record the expected GUID Partition Table (GPT) layout. Consequently, these PCR measurements cannot be trusted: the system may appear "trusted" based on them even when a malicious partition layout is in use. This discrepancy can affect systems that rely on TPM-based Full Disk Encryption (FDE) and remote attestation, where the GPT layout is critical for security.
CVE-2024-13745, EDK II: Several issues with partition table measurements https://t.co/cN7Yig1rHw In short, one must not trust the PCR[5] measurements recording the expected GUID Partition Table (GPT) layout. May affect TPM-based FDE instances when GPT layout is security-relevant.
@oss_security
29 May 2026
CVE-2024-13745 CVE-2024-13745, EDK II https://t.co/2TvWBde2Rv
@VulmonFeeds
29 May 2026
CVE-2024-13745 in EDK II (likely, "WONTFIX"): "what you measure is not what you use". The story about firmware measuring bytes different from ones being used. It affects PCR[5], so the severity is low (nobody cares about PCR[5] by default). https://t.co/K09lww7uR9
@errno_fail
29 May 2026