Search
Find a vulnerability
Search criteria
22 vulnerabilities found for edk_ii by tianocore
CVE-2021-28216 (GCVE-0-2021-28216)
Vulnerability from nvd – Published: 2021-08-05 20:44 – Updated: 2025-11-03 19:25
VLAI
Summary
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
Severity
No CVSS data available.
CWE
- CWE-587 - A case of CWE-587 occurs in function FpdtStatusCodeListenerPei().
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.tianocore.org/show_bug.cgi?id=2957 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:42.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EDK II",
"vendor": "TianoCore",
"versions": [
{
"status": "affected",
"version": "EDK II Master"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-587",
"description": "A case of CWE-587 occurs in function FpdtStatusCodeListenerPei().",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:44:13.000Z",
"orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"shortName": "TianoCore"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "infosec@edk2.groups.io",
"ID": "CVE-2021-28216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EDK II",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "EDK II Master"
}
]
}
}
]
},
"vendor_name": "TianoCore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A case of CWE-587 occurs in function FpdtStatusCodeListenerPei()."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957",
"refsource": "MISC",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"assignerShortName": "TianoCore",
"cveId": "CVE-2021-28216",
"datePublished": "2021-08-05T20:44:13.000Z",
"dateReserved": "2021-03-12T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:25:42.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-11098 (GCVE-0-2019-11098)
Vulnerability from nvd – Published: 2021-07-14 13:28 – Updated: 2024-08-04 22:40
VLAI
Summary
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
Severity
No CVSS data available.
CWE
- escalation of privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://edk2-docs.gitbook.io/security-advisory/bo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tianocore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T13:28:44.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tianocore",
"version": {
"version_data": [
{
"version_value": "See references"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability",
"refsource": "MISC",
"url": "https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-11098",
"datePublished": "2021-07-14T13:28:44.000Z",
"dateReserved": "2019-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:16.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0161 (GCVE-0-2019-0161)
Vulnerability from nvd – Published: 2019-03-27 19:23 – Updated: 2024-08-04 17:44
VLAI
Summary
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:2125 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:2437 | vendor-advisoryx_refsource_REDHAT |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
},
{
"name": "openSUSE-SU-2019:1352",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1425",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
},
{
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T21:06:25.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
},
{
"name": "openSUSE-SU-2019:1352",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1425",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
},
{
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
},
{
"name": "openSUSE-SU-2019:1352",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1425",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html"
},
{
"name": "RHSA-2019:2125",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:2437",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
},
{
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0161",
"datePublished": "2019-03-27T19:23:44.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:14.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0160 (GCVE-0-2019-0160)
Vulnerability from nvd – Published: 2019-03-27 19:20 – Updated: 2024-08-04 17:44
VLAI
Summary
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
Severity
8.7 (High)
CWE
- Escalation of Privilege and/or Denial of Service
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html",
"tags": [
"x_transferred"
],
"url": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege and/or Denial of Service",
"lang": "en"
},
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T13:18:44.728Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html",
"url": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0160",
"datePublished": "2019-03-27T19:20:26.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:14.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3613 (GCVE-0-2018-3613)
Vulnerability from nvd – Published: 2019-03-27 19:16 – Updated: 2024-08-05 04:50
VLAI
Summary
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:2125 | vendor-advisoryx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:12.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:2125",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3613",
"datePublished": "2019-03-27T19:16:58.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:50:30.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12183 (GCVE-0-2018-12183)
Vulnerability from nvd – Published: 2019-03-27 19:17 – Updated: 2024-08-05 08:30
VLAI
Summary
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107643 | vdb-entryx_refsource_BID |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html"
},
{
"name": "107643",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107643"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T19:06:09.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html"
},
{
"name": "107643",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107643"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html"
},
{
"name": "107643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107643"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12183",
"datePublished": "2019-03-27T19:17:46.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12182 (GCVE-0-2018-12182)
Vulnerability from nvd – Published: 2019-03-27 19:18 – Updated: 2024-08-05 08:30
VLAI
Summary
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107648 | vdb-entryx_refsource_BID |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html"
},
{
"name": "107648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T19:06:09.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html"
},
{
"name": "107648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html"
},
{
"name": "107648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107648"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12182",
"datePublished": "2019-03-27T19:18:40.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12181 (GCVE-0-2018-12181)
Vulnerability from nvd – Published: 2019-03-27 19:23 – Updated: 2024-08-05 08:30
VLAI
Summary
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege and/or Denial of Service
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:2125 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:3338 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/4349-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "openSUSE-SU-2019:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html"
},
{
"name": "openSUSE-SU-2019:1172",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:3338",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3338"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T14:06:04.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "openSUSE-SU-2019:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html"
},
{
"name": "openSUSE-SU-2019:1172",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:3338",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3338"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "openSUSE-SU-2019:1139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html"
},
{
"name": "openSUSE-SU-2019:1172",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html"
},
{
"name": "RHSA-2019:2125",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:3338",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3338"
},
{
"name": "USN-4349-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4349-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12181",
"datePublished": "2019-03-27T19:23:00.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12180 (GCVE-0-2018-12180)
Vulnerability from nvd – Published: 2019-03-27 19:22 – Updated: 2024-08-05 08:30
VLAI
Summary
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:0809 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:0968 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1116 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/4349-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:58.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html"
},
{
"name": "openSUSE-SU-2019:1083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:0809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0809"
},
{
"name": "RHSA-2019:0968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0968"
},
{
"name": "RHSA-2019:1116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1116"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T14:06:05.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html"
},
{
"name": "openSUSE-SU-2019:1083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:0809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0809"
},
{
"name": "RHSA-2019:0968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0968"
},
{
"name": "RHSA-2019:1116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1116"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html"
},
{
"name": "openSUSE-SU-2019:1083",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:0809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0809"
},
{
"name": "RHSA-2019:0968",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0968"
},
{
"name": "RHSA-2019:1116",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1116"
},
{
"name": "USN-4349-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4349-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12180",
"datePublished": "2019-03-27T19:22:10.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:58.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12179 (GCVE-0-2018-12179)
Vulnerability from nvd – Published: 2019-03-27 19:21 – Updated: 2024-08-05 08:30
VLAI
Summary
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T19:06:09.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12179",
"datePublished": "2019-03-27T19:21:22.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12178 (GCVE-0-2018-12178)
Vulnerability from nvd – Published: 2019-03-27 19:19 – Updated: 2024-08-05 08:30
VLAI
Summary
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
Severity
No CVSS data available.
CWE
- Escalation of Privilege and/or Denial of Service
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4349-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html"
},
{
"name": "openSUSE-SU-2019:1083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T14:06:06.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html"
},
{
"name": "openSUSE-SU-2019:1083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html"
},
{
"name": "openSUSE-SU-2019:1083",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "USN-4349-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4349-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12178",
"datePublished": "2019-03-27T19:19:31.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28216 (GCVE-0-2021-28216)
Vulnerability from cvelistv5 – Published: 2021-08-05 20:44 – Updated: 2025-11-03 19:25
VLAI
Summary
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
Severity
No CVSS data available.
CWE
- CWE-587 - A case of CWE-587 occurs in function FpdtStatusCodeListenerPei().
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.tianocore.org/show_bug.cgi?id=2957 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:42.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EDK II",
"vendor": "TianoCore",
"versions": [
{
"status": "affected",
"version": "EDK II Master"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-587",
"description": "A case of CWE-587 occurs in function FpdtStatusCodeListenerPei().",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:44:13.000Z",
"orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"shortName": "TianoCore"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "infosec@edk2.groups.io",
"ID": "CVE-2021-28216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EDK II",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "EDK II Master"
}
]
}
}
]
},
"vendor_name": "TianoCore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A case of CWE-587 occurs in function FpdtStatusCodeListenerPei()."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957",
"refsource": "MISC",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"assignerShortName": "TianoCore",
"cveId": "CVE-2021-28216",
"datePublished": "2021-08-05T20:44:13.000Z",
"dateReserved": "2021-03-12T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:25:42.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-11098 (GCVE-0-2019-11098)
Vulnerability from cvelistv5 – Published: 2021-07-14 13:28 – Updated: 2024-08-04 22:40
VLAI
Summary
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
Severity
No CVSS data available.
CWE
- escalation of privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://edk2-docs.gitbook.io/security-advisory/bo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tianocore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T13:28:44.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tianocore",
"version": {
"version_data": [
{
"version_value": "See references"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability",
"refsource": "MISC",
"url": "https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-11098",
"datePublished": "2021-07-14T13:28:44.000Z",
"dateReserved": "2019-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:16.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0161 (GCVE-0-2019-0161)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:23 – Updated: 2024-08-04 17:44
VLAI
Summary
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:2125 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:2437 | vendor-advisoryx_refsource_REDHAT |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
},
{
"name": "openSUSE-SU-2019:1352",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1425",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
},
{
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T21:06:25.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
},
{
"name": "openSUSE-SU-2019:1352",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1425",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
},
{
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
},
{
"name": "openSUSE-SU-2019:1352",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1425",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html"
},
{
"name": "RHSA-2019:2125",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:2437",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
},
{
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0161",
"datePublished": "2019-03-27T19:23:44.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:14.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12181 (GCVE-0-2018-12181)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:23 – Updated: 2024-08-05 08:30
VLAI
Summary
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege and/or Denial of Service
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:2125 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:3338 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/4349-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "openSUSE-SU-2019:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html"
},
{
"name": "openSUSE-SU-2019:1172",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:3338",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3338"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T14:06:04.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "openSUSE-SU-2019:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html"
},
{
"name": "openSUSE-SU-2019:1172",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:3338",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3338"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "openSUSE-SU-2019:1139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html"
},
{
"name": "openSUSE-SU-2019:1172",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html"
},
{
"name": "RHSA-2019:2125",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "RHSA-2019:3338",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3338"
},
{
"name": "USN-4349-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4349-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12181",
"datePublished": "2019-03-27T19:23:00.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12180 (GCVE-0-2018-12180)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:22 – Updated: 2024-08-05 08:30
VLAI
Summary
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:0809 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:0968 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1116 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/4349-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:58.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html"
},
{
"name": "openSUSE-SU-2019:1083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:0809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0809"
},
{
"name": "RHSA-2019:0968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0968"
},
{
"name": "RHSA-2019:1116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1116"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T14:06:05.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html"
},
{
"name": "openSUSE-SU-2019:1083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:0809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0809"
},
{
"name": "RHSA-2019:0968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0968"
},
{
"name": "RHSA-2019:1116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1116"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html"
},
{
"name": "openSUSE-SU-2019:1083",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:0809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0809"
},
{
"name": "RHSA-2019:0968",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0968"
},
{
"name": "RHSA-2019:1116",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1116"
},
{
"name": "USN-4349-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4349-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12180",
"datePublished": "2019-03-27T19:22:10.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:58.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12179 (GCVE-0-2018-12179)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:21 – Updated: 2024-08-05 08:30
VLAI
Summary
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T19:06:09.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12179",
"datePublished": "2019-03-27T19:21:22.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0160 (GCVE-0-2019-0160)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:20 – Updated: 2024-08-04 17:44
VLAI
Summary
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
Severity
8.7 (High)
CWE
- Escalation of Privilege and/or Denial of Service
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html",
"tags": [
"x_transferred"
],
"url": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege and/or Denial of Service",
"lang": "en"
},
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T13:18:44.728Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html",
"url": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0160",
"datePublished": "2019-03-27T19:20:26.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:14.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12178 (GCVE-0-2018-12178)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:19 – Updated: 2024-08-05 08:30
VLAI
Summary
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
Severity
No CVSS data available.
CWE
- Escalation of Privilege and/or Denial of Service
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4349-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html"
},
{
"name": "openSUSE-SU-2019:1083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T14:06:06.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html"
},
{
"name": "openSUSE-SU-2019:1083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "USN-4349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4349-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html"
},
{
"name": "openSUSE-SU-2019:1083",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "USN-4349-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4349-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12178",
"datePublished": "2019-03-27T19:19:31.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12182 (GCVE-0-2018-12182)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:18 – Updated: 2024-08-05 08:30
VLAI
Summary
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107648 | vdb-entryx_refsource_BID |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html"
},
{
"name": "107648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T19:06:09.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html"
},
{
"name": "107648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html"
},
{
"name": "107648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107648"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12182",
"datePublished": "2019-03-27T19:18:40.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12183 (GCVE-0-2018-12183)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:17 – Updated: 2024-08-05 08:30
VLAI
Summary
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107643 | vdb-entryx_refsource_BID |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html"
},
{
"name": "107643",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107643"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T19:06:09.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html"
},
{
"name": "107643",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107643"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html"
},
{
"name": "107643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107643"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "FEDORA-2019-d47a9d4b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12183",
"datePublished": "2019-03-27T19:17:46.000Z",
"dateReserved": "2018-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3613 (GCVE-0-2018-3613)
Vulnerability from cvelistv5 – Published: 2019-03-27 19:16 – Updated: 2024-08-05 04:50
VLAI
Summary
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Severity
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure and/or Denial of Service
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://edk2-docs.gitbooks.io/security-advisory/c… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:2125 | vendor-advisoryx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Extensible Firmware Interface Development Kit (EDK II) | Extensible Firmware Interface Development Kit (EDK II) |
Affected:
N/A
|
Date Public
2019-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Extensible Firmware Interface Development Kit (EDK II)",
"vendor": "Extensible Firmware Interface Development Kit (EDK II)",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2019-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure and/or Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:12.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Extensible Firmware Interface Development Kit (EDK II)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure and/or Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html"
},
{
"name": "FEDORA-2019-bff1cbaba3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
},
{
"name": "RHSA-2019:2125",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3613",
"datePublished": "2019-03-27T19:16:58.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:50:30.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}