EDK II
by Tianocore
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-38578 | | | 0.00 | — | 0.00 | | Mar 3, 2022 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. |
| CVE-2021-38575 | | | 0.00 | — | 0.01 | | Dec 1, 2021 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. |
| CVE-2021-28216 | | | 0.00 | — | 0.00 | | Aug 5, 2021 | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. |
| CVE-2021-28213 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. |
| CVE-2021-28211 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. |
| CVE-2021-28210 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | An unlimited recursion in DxeCore in EDK II. |