Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for EDK II by TianoCore

    CVE-2021-38578 (GCVE-0-2021-38578)

    Vulnerability from nvd – Published: 2022-03-03 21:53 – Updated: 2025-11-03 19:26
    VLAI
    Summary
    Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-124 - A case of CWE-124 is occurring in PiSmmCore.
    Assigner
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: edk2-stable202208
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:26:15.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.insyde.com/security-pledge/SA-2023024"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38578",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:13:33.412696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T18:59:05.792Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "status": "affected",
                  "version": "edk2-stable202208"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eExisting CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.\u003c/p\u003e"
                }
              ],
              "value": "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-124",
                  "description": "A case of CWE-124 is occurring in PiSmmCore.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-06T00:55:57.322Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"
            },
            {
              "url": "https://www.insyde.com/security-pledge/SA-2023024"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-38578",
        "datePublished": "2022-03-03T21:53:37.000Z",
        "dateReserved": "2021-08-11T00:00:00.000Z",
        "dateUpdated": "2025-11-03T19:26:15.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-38575 (GCVE-0-2021-38575)

    Vulnerability from nvd – Published: 2021-12-01 00:00 – Updated: 2025-11-03 19:26
    VLAI
    Summary
    NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
    Severity
    No CVSS data available.
    CWE
    • CWE-124 - A case of CWE-124, CWE-680, and CWE-252 is occurring in NetworkPkg/IScsiDxe.
    Assigner
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: unspecified , ≤ edk2-stable202105 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:26:13.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.insyde.com/security-pledge/SA-2023025"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "lessThanOrEqual": "edk2-stable202105",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NetworkPkg/IScsiDxe has remotely exploitable buffer overflows."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-124",
                  "description": "A case of CWE-124, CWE-680, and CWE-252 is occurring in NetworkPkg/IScsiDxe.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-23T00:00:00.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
            },
            {
              "url": "https://www.insyde.com/security-pledge/SA-2023025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-38575",
        "datePublished": "2021-12-01T00:00:00.000Z",
        "dateReserved": "2021-08-11T00:00:00.000Z",
        "dateUpdated": "2025-11-03T19:26:13.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-28216 (GCVE-0-2021-28216)

    Vulnerability from nvd – Published: 2021-08-05 20:44 – Updated: 2025-11-03 19:25
    VLAI
    Summary
    BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
    Severity
    No CVSS data available.
    CWE
    • CWE-587 - A case of CWE-587 occurs in function FpdtStatusCodeListenerPei().
    Assigner
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: EDK II Master
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:25:42.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "status": "affected",
                  "version": "EDK II Master"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-587",
                  "description": "A case of CWE-587 occurs in function FpdtStatusCodeListenerPei().",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T20:44:13.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "infosec@edk2.groups.io",
              "ID": "CVE-2021-28216",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EDK II",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "EDK II Master"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TianoCore"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A case of CWE-587 occurs in function FpdtStatusCodeListenerPei()."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957",
                  "refsource": "MISC",
                  "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-28216",
        "datePublished": "2021-08-05T20:44:13.000Z",
        "dateReserved": "2021-03-12T00:00:00.000Z",
        "dateUpdated": "2025-11-03T19:25:42.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-28213 (GCVE-0-2021-28213)

    Vulnerability from nvd – Published: 2021-06-11 15:11 – Updated: 2024-08-03 21:40
    VLAI
    Summary
    Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
    Severity
    No CVSS data available.
    CWE
    • Replacing example EDK II encrypted private key stored in PcdIpsecUefiCertificateKey presents potential security risks that will expose manufacturer key pair in EDK II.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: edk2-stable201905
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:12.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "status": "affected",
                  "version": "edk2-stable201905"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Replacing example EDK II encrypted private key stored in PcdIpsecUefiCertificateKey presents potential security risks that will expose manufacturer key pair in EDK II.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T15:11:23.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "infosec@edk2.groups.io",
              "ID": "CVE-2021-28213",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EDK II",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "edk2-stable201905"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TianoCore"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Replacing example EDK II encrypted private key stored in PcdIpsecUefiCertificateKey presents potential security risks that will expose manufacturer key pair in EDK II."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866",
                  "refsource": "MISC",
                  "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-28213",
        "datePublished": "2021-06-11T15:11:23.000Z",
        "dateReserved": "2021-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:40:12.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28211 (GCVE-0-2021-28211)

    Vulnerability from nvd – Published: 2021-06-11 15:11 – Updated: 2024-08-03 21:40
    VLAI
    Summary
    A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: edk2-stable202008
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:13.314Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "status": "affected",
                  "version": "edk2-stable202008"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T15:11:23.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "infosec@edk2.groups.io",
              "ID": "CVE-2021-28211",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EDK II",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "edk2-stable202008"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TianoCore"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816",
                  "refsource": "MISC",
                  "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-28211",
        "datePublished": "2021-06-11T15:11:23.000Z",
        "dateReserved": "2021-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:40:13.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28210 (GCVE-0-2021-28210)

    Vulnerability from nvd – Published: 2021-06-11 15:11 – Updated: 2024-08-03 21:40
    VLAI
    Summary
    An unlimited recursion in DxeCore in EDK II.
    Severity
    No CVSS data available.
    CWE
    • CWE-674 - A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: unspecified , ≤ edk2-stable202008 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:12.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "lessThanOrEqual": "edk2-stable202008",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unlimited recursion in DxeCore in EDK II."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T15:11:23.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "infosec@edk2.groups.io",
              "ID": "CVE-2021-28210",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EDK II",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "edk2-stable202008"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TianoCore"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unlimited recursion in DxeCore in EDK II."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743",
                  "refsource": "MISC",
                  "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-28210",
        "datePublished": "2021-06-11T15:11:23.000Z",
        "dateReserved": "2021-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:40:12.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38578 (GCVE-0-2021-38578)

    Vulnerability from cvelistv5 – Published: 2022-03-03 21:53 – Updated: 2025-11-03 19:26
    VLAI
    Summary
    Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-124 - A case of CWE-124 is occurring in PiSmmCore.
    Assigner
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: edk2-stable202208
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:26:15.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.insyde.com/security-pledge/SA-2023024"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38578",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:13:33.412696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T18:59:05.792Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "status": "affected",
                  "version": "edk2-stable202208"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eExisting CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.\u003c/p\u003e"
                }
              ],
              "value": "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-124",
                  "description": "A case of CWE-124 is occurring in PiSmmCore.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-06T00:55:57.322Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"
            },
            {
              "url": "https://www.insyde.com/security-pledge/SA-2023024"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-38578",
        "datePublished": "2022-03-03T21:53:37.000Z",
        "dateReserved": "2021-08-11T00:00:00.000Z",
        "dateUpdated": "2025-11-03T19:26:15.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-38575 (GCVE-0-2021-38575)

    Vulnerability from cvelistv5 – Published: 2021-12-01 00:00 – Updated: 2025-11-03 19:26
    VLAI
    Summary
    NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
    Severity
    No CVSS data available.
    CWE
    • CWE-124 - A case of CWE-124, CWE-680, and CWE-252 is occurring in NetworkPkg/IScsiDxe.
    Assigner
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: unspecified , ≤ edk2-stable202105 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:26:13.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.insyde.com/security-pledge/SA-2023025"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "lessThanOrEqual": "edk2-stable202105",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NetworkPkg/IScsiDxe has remotely exploitable buffer overflows."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-124",
                  "description": "A case of CWE-124, CWE-680, and CWE-252 is occurring in NetworkPkg/IScsiDxe.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-23T00:00:00.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
            },
            {
              "url": "https://www.insyde.com/security-pledge/SA-2023025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-38575",
        "datePublished": "2021-12-01T00:00:00.000Z",
        "dateReserved": "2021-08-11T00:00:00.000Z",
        "dateUpdated": "2025-11-03T19:26:13.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-28216 (GCVE-0-2021-28216)

    Vulnerability from cvelistv5 – Published: 2021-08-05 20:44 – Updated: 2025-11-03 19:25
    VLAI
    Summary
    BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
    Severity
    No CVSS data available.
    CWE
    • CWE-587 - A case of CWE-587 occurs in function FpdtStatusCodeListenerPei().
    Assigner
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: EDK II Master
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:25:42.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "status": "affected",
                  "version": "EDK II Master"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-587",
                  "description": "A case of CWE-587 occurs in function FpdtStatusCodeListenerPei().",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T20:44:13.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "infosec@edk2.groups.io",
              "ID": "CVE-2021-28216",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EDK II",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "EDK II Master"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TianoCore"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A case of CWE-587 occurs in function FpdtStatusCodeListenerPei()."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957",
                  "refsource": "MISC",
                  "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-28216",
        "datePublished": "2021-08-05T20:44:13.000Z",
        "dateReserved": "2021-03-12T00:00:00.000Z",
        "dateUpdated": "2025-11-03T19:25:42.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-28211 (GCVE-0-2021-28211)

    Vulnerability from cvelistv5 – Published: 2021-06-11 15:11 – Updated: 2024-08-03 21:40
    VLAI
    Summary
    A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: edk2-stable202008
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:13.314Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "status": "affected",
                  "version": "edk2-stable202008"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T15:11:23.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "infosec@edk2.groups.io",
              "ID": "CVE-2021-28211",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EDK II",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "edk2-stable202008"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TianoCore"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816",
                  "refsource": "MISC",
                  "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-28211",
        "datePublished": "2021-06-11T15:11:23.000Z",
        "dateReserved": "2021-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:40:13.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28213 (GCVE-0-2021-28213)

    Vulnerability from cvelistv5 – Published: 2021-06-11 15:11 – Updated: 2024-08-03 21:40
    VLAI
    Summary
    Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
    Severity
    No CVSS data available.
    CWE
    • Replacing example EDK II encrypted private key stored in PcdIpsecUefiCertificateKey presents potential security risks that will expose manufacturer key pair in EDK II.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: edk2-stable201905
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:12.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "status": "affected",
                  "version": "edk2-stable201905"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Replacing example EDK II encrypted private key stored in PcdIpsecUefiCertificateKey presents potential security risks that will expose manufacturer key pair in EDK II.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T15:11:23.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "infosec@edk2.groups.io",
              "ID": "CVE-2021-28213",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EDK II",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "edk2-stable201905"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TianoCore"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Replacing example EDK II encrypted private key stored in PcdIpsecUefiCertificateKey presents potential security risks that will expose manufacturer key pair in EDK II."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866",
                  "refsource": "MISC",
                  "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-28213",
        "datePublished": "2021-06-11T15:11:23.000Z",
        "dateReserved": "2021-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:40:12.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28210 (GCVE-0-2021-28210)

    Vulnerability from cvelistv5 – Published: 2021-06-11 15:11 – Updated: 2024-08-03 21:40
    VLAI
    Summary
    An unlimited recursion in DxeCore in EDK II.
    Severity
    No CVSS data available.
    CWE
    • CWE-674 - A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TianoCore EDK II Affected: unspecified , ≤ edk2-stable202008 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:12.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EDK II",
              "vendor": "TianoCore",
              "versions": [
                {
                  "lessThanOrEqual": "edk2-stable202008",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unlimited recursion in DxeCore in EDK II."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T15:11:23.000Z",
            "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
            "shortName": "TianoCore"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "infosec@edk2.groups.io",
              "ID": "CVE-2021-28210",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EDK II",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "edk2-stable202008"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TianoCore"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unlimited recursion in DxeCore in EDK II."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743",
                  "refsource": "MISC",
                  "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "assignerShortName": "TianoCore",
        "cveId": "CVE-2021-28210",
        "datePublished": "2021-06-11T15:11:23.000Z",
        "dateReserved": "2021-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:40:12.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }