Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2024-7344

CVE-2024-7344

8.2

High

Published:14 Jan 2025

Last updated:17 Jun 2026

Source:cret@cert.org

Analyzed

Weakness (CWE)

CWE-347CWE-347

CVSS Vector

v3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

References

cret@cert.org

https://uefi.org/revocationlistfile

cret@cert.org

https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html

cret@cert.org

https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html

cret@cert.org

https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/

af854a3a-2127-422b-91ae-364da2661108

https://www.kb.cert.org/vuls/id/529659

134c704f-9b21-4f2e-91b3-4a467353bcc0

https://www.kb.cert.org/vuls/id/529659

134c704f-9b21-4f2e-91b3-4a467353bcc0

https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/