Edk2
by Tianocore
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36764 | | | 0.00 | — | 0.00 | | Jan 9, 2024 | EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
| CVE-2022-36763 | | | 0.00 | — | 0.00 | | Jan 9, 2024 | EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
| CVE-2021-38576 | | | 0.00 | — | 0.01 | | Jan 3, 2022 | A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. |
| CVE-2021-28213 | | | 0.00 | — | 0.01 | | Jun 11, 2021 | Example EDK2 encrypted private key in the IpSecDxe.efi presents potential security risks. |
| CVE-2019-14584 | | | 0.00 | — | 0.00 | | Jun 3, 2021 | Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2014-8271 | | | 0.00 | — | 0.00 | | Feb 6, 2020 | Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. |