EDK II
by Tianocore
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-38578 | 0.00 | — | 0.01 | Mar 3, 2022 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | |||
| CVE-2021-38575 | 0.00 | — | 0.02 | Dec 1, 2021 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | |||
| CVE-2021-28216 | 0.00 | — | 0.00 | Aug 5, 2021 | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. | |||
| CVE-2021-28213 | 0.00 | — | 0.01 | Jun 11, 2021 | Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | |||
| CVE-2021-28210 | 0.00 | — | 0.00 | Jun 11, 2021 | An unlimited recursion in DxeCore in EDK II. | |||
| CVE-2021-28211 | 0.00 | — | 0.00 | Jun 11, 2021 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | |||
| CVE-2019-14587 | 0.00 | — | 0.01 | Nov 23, 2020 | Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||
| CVE-2019-14586 | 0.00 | — | 0.01 | Nov 23, 2020 | Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. | |||
| CVE-2019-14575 | 0.00 | — | 0.00 | Nov 23, 2020 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | |||
| CVE-2019-14563 | 0.00 | — | 0.00 | Nov 23, 2020 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | |||
| CVE-2019-14562 | 0.00 | — | 0.00 | Nov 23, 2020 | Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. | |||
| CVE-2019-14559 | 0.00 | — | 0.01 | Nov 23, 2020 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | |||
| CVE-2019-0161 | 0.00 | — | 0.00 | Mar 27, 2019 | Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. | |||
| CVE-2018-12180 | 0.00 | — | 0.02 | Mar 27, 2019 | Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. | |||
| CVE-2019-0160 | 0.00 | — | 0.01 | Mar 27, 2019 | Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | |||
| CVE-2018-12178 | 0.00 | — | 0.02 | Mar 27, 2019 | Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. |
- CVE-2021-38578Mar 3, 2022risk 0.00cvss —epss 0.01
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
- CVE-2021-38575Dec 1, 2021risk 0.00cvss —epss 0.02
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
- CVE-2021-28216Aug 5, 2021risk 0.00cvss —epss 0.00
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
- CVE-2021-28213Jun 11, 2021risk 0.00cvss —epss 0.01
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
- CVE-2021-28210Jun 11, 2021risk 0.00cvss —epss 0.00
An unlimited recursion in DxeCore in EDK II.
- CVE-2021-28211Jun 11, 2021risk 0.00cvss —epss 0.00
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
- CVE-2019-14587Nov 23, 2020risk 0.00cvss —epss 0.01
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
- CVE-2019-14586Nov 23, 2020risk 0.00cvss —epss 0.01
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
- CVE-2019-14575Nov 23, 2020risk 0.00cvss —epss 0.00
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-14563Nov 23, 2020risk 0.00cvss —epss 0.00
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-14562Nov 23, 2020risk 0.00cvss —epss 0.00
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2019-14559Nov 23, 2020risk 0.00cvss —epss 0.01
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2019-0161Mar 27, 2019risk 0.00cvss —epss 0.00
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
- CVE-2018-12180Mar 27, 2019risk 0.00cvss —epss 0.02
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
- CVE-2019-0160Mar 27, 2019risk 0.00cvss —epss 0.01
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
- CVE-2018-12178Mar 27, 2019risk 0.00cvss —epss 0.02
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.