Vulnerabilities related to TianoCore - edk2
Vulnerability from fkie_nvd
Published
2024-01-16 16:15
Modified
2025-02-13 18:15
Summary
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
      },
      {
         lang: "es",
         value: "EDK2's Network Package es susceptible a Initial Sequence Number TCP predecible. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad.",
      },
   ],
   id: "CVE-2023-45237",
   lastModified: "2025-02-13T18:15:30.867",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T16:15:13.013",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-338",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-338",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-11-23 16:15
Modified
2024-11-21 04:26
Summary
Integer overflow in DxeImageVerificationHandler() in EDK II may allow an authenticated user to potentially enable denial of service via local access.
Impacted products
Vendor Product Version
tianocore edk2 -
debian debian_linux 9.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97ADE942-4E59-42FE-A941-6923025B04D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de enteros en la función DxeImageVerificationHandler() en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio del acceso local",
      },
   ],
   id: "CVE-2019-14562",
   lastModified: "2024-11-21T04:26:58.013",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-23T16:15:12.727",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2215",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2215",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-11-23 17:15
Modified
2024-11-21 04:26
Summary
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Impacted products
Vendor Product Version
tianocore edk2 -
debian debian_linux 9.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97ADE942-4E59-42FE-A941-6923025B04D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.",
      },
      {
         lang: "es",
         value: "Un truncamiento de enteros en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local",
      },
   ],
   id: "CVE-2019-14563",
   lastModified: "2024-11-21T04:26:58.130",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-23T17:15:11.890",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2001",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-681",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 16:15
Modified
2025-02-13 18:15
Summary
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
      },
      {
         lang: "es",
         value: "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de búfer al procesar la opción de servidores DNS desde un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad, integridad y/o disponibilidad.",
      },
   ],
   id: "CVE-2023-45234",
   lastModified: "2025-02-13T18:15:30.123",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.5,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T16:15:12.460",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-31 16:15
Modified
2024-11-21 02:11
Summary
Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
References
cret@cert.org | http://www.kb.cert.org/vuls/id/552286 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/552286 | Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
tianocore edk2 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97ADE942-4E59-42FE-A941-6923025B04D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de enteros en la fase Drive Execution Environment (DXE) en la funcionalidad Capsule Update en la implementación de UEFI en EDK2, permite a atacantes físicamente próximos omitir las restricciones de acceso previstas por medio de datos diseñados.",
      },
   ],
   id: "CVE-2014-4859",
   lastModified: "2024-11-21T02:11:00.203",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "HIGH",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-31T16:15:10.300",
   references: [
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/552286",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/552286",
      },
   ],
   sourceIdentifier: "cret@cert.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-06 15:15
Modified
2024-11-21 02:18
Summary
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8827B282-C466-4E07-9651-3CEBAE7F58CA",
                     versionEndExcluding: "svn_16280",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.",
      },
      {
         lang: "es",
         value: "Un desbordamiento del búfer en la función Reclaim en Tianocore EDK2 versiones anteriores a SVN 16280, permite a atacantes físicamente próximos alcanzar privilegios por medio de un nombre de variable largo.",
      },
   ],
   id: "CVE-2014-8271",
   lastModified: "2024-11-21T02:18:46.517",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "HIGH",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-06T15:15:10.733",
   references: [
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
         ],
         url: "http://sourceforge.net/p/edk2/code/16280/",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/533140",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://sourceforge.net/p/edk2/code/16280/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/533140",
      },
   ],
   sourceIdentifier: "cret@cert.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-03 20:15
Modified
2024-11-21 04:26
Summary
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8CD2977-AB55-4A22-A26D-4E688327AC5D",
                     versionEndExcluding: "2020-10-21",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.",
      },
      {
         lang: "es",
         value: "La desviación del puntero null en Tianocore EDK2 puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de acceso local",
      },
   ],
   id: "CVE-2019-14584",
   lastModified: "2024-11-21T04:26:59.280",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-03T20:15:08.337",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1889486",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1889486",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-11-23 17:15
Modified
2024-11-21 04:26
Summary
Logic issue in EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Impacted products
Vendor Product Version
tianocore edk2 -
debian debian_linux 9.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97ADE942-4E59-42FE-A941-6923025B04D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Logic issue in EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
      },
      {
         lang: "es",
         value: "Un problema lógico de EDK II, puede habilitar a un usuario no autenticado para permitir potencialmente una denegación de servicio por medio de un acceso adyacente",
      },
   ],
   id: "CVE-2019-14587",
   lastModified: "2024-11-21T04:26:59.553",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-23T17:15:12.110",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1989",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1989",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-11-23 17:15
Modified
2024-11-21 04:26
Summary
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Impacted products
Vendor Product Version
tianocore edk2 -
debian debian_linux 9.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97ADE942-4E59-42FE-A941-6923025B04D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.",
      },
      {
         lang: "es",
         value: "Un problema lógico en la función DxeImageVerificationHandler() para EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local",
      },
   ],
   id: "CVE-2019-14575",
   lastModified: "2024-11-21T04:26:59.053",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-23T17:15:11.970",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1608",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1608",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:59
Summary
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
References
infosec@edk2.groups.io https://bugzilla.tianocore.org/show_bug.cgi?id=1816 Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.tianocore.org/show_bug.cgi?id=1816 Exploit, Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
tianocore edk2 202008



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:202008:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C45BEB6-1F89-4813-B2CF-90639F9CE525",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de heap en la función LzmaUefiDecompressGetInfo en EDK II",
      },
   ],
   id: "CVE-2021-28211",
   lastModified: "2024-11-21T05:59:22.507",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-11T16:15:12.503",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1816",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1816",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-122",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 16:15
Modified
2025-02-13 18:15
Summary
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2's Network Package is susceptible to a buffer overflow vulnerability when\n\n\n\n\n\nhandling Server ID option \n\n\n\n from a DHCPv6 proxy Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
      },
      {
         lang: "es",
         value: "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de búfer cuando maneja la opción de ID del servidor desde un mensaje de publicidad del proxy DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad, integridad y/o disponibilidad.",
      },
   ],
   id: "CVE-2023-45235",
   lastModified: "2025-02-13T18:15:30.577",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.5,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T16:15:12.643",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-11-23 16:15
Modified
2024-11-21 04:26
Summary
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
Impacted products
Vendor Product Version
tianocore edk2 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97ADE942-4E59-42FE-A941-6923025B04D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.",
      },
      {
         lang: "es",
         value: "Un consumo incontrolado de recursos en EDK II, puede permitir a un usuario no autenticado habilitar potencialmente una denegación de servicio por medio del acceso a la red",
      },
   ],
   id: "CVE-2019-14559",
   lastModified: "2024-11-21T04:26:57.863",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-23T16:15:12.667",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-401",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 16:15
Modified
2025-02-13 18:15
Summary
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.",
      },
      {
         lang: "es",
         value: "EDK2's Network Package es susceptible a una vulnerabilidad de bucle infinito al analizar una opción PadN en el encabezado Destination Options de IPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de disponibilidad.",
      },
   ],
   id: "CVE-2023-45233",
   lastModified: "2025-02-13T18:15:29.997",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T16:15:12.277",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-835",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-835",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-01 18:15
Modified
2024-11-21 06:17
Summary
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
Impacted products
Vendor Product Version
tianocore edk2 *
insyde kernel 5.0
insyde kernel 5.1
insyde kernel 5.2
insyde kernel 5.3
insyde kernel 5.4
insyde kernel 5.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81E5FE6-D7EC-49DA-BB6A-E58F9D7D3FBB",
                     versionEndIncluding: "202105",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFCC4619-B867-4E23-AF05-FF92B43628AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB40061A-BEDF-4D72-BF2D-D1B10EB80A60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D6AFE61-A2A4-49DF-A8EE-B2F425DA7A08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D21132C0-F2CF-4134-A165-926155031913",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6549F7F1-A438-4C84-9D66-C89C697E2A9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE339FA1-8572-4365-B420-530D62686C08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.",
      },
      {
         lang: "es",
         value: "NetworkPkg/IScsiDxe presenta unos desbordamientos de búfer explotables de forma remota",
      },
   ],
   id: "CVE-2021-38575",
   lastModified: "2024-11-21T06:17:32.553",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-01T18:15:07.760",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3356",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2023025",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3356",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2023025",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-124",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 16:15
Modified
2024-11-21 08:26
Summary
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing a Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing  Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
      },
      {
         lang: "es",
         value: "El paquete de red de EDK2 es susceptible a una vulnerabilidad de lectura fuera de los límites al procesar el mensaje de redirección de descubrimiento de vecinos. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad.",
      },
   ],
   id: "CVE-2023-45231",
   lastModified: "2024-11-21T08:26:35.930",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T16:15:11.910",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-11-23 16:15
Modified
2024-11-21 04:26
Summary
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
Impacted products
Vendor Product Version
tianocore edk2 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97ADE942-4E59-42FE-A941-6923025B04D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.",
      },
      {
         lang: "es",
         value: "Una autenticación inapropiada en EDK II, puede permitir a un usuario privilegiado habilitar potencialmente una divulgación de información por medio del acceso a la red",
      },
   ],
   id: "CVE-2019-14553",
   lastModified: "2024-11-21T04:26:57.307",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-23T16:15:12.603",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=960",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=960",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:59
Summary
The example EDK2 encrypted private key in IpSecDxe.efi presents potential security risks.
References
infosec@edk2.groups.io | https://bugzilla.tianocore.org/show_bug.cgi?id=1866 | Issue Tracking, Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.tianocore.org/show_bug.cgi?id=1866 | Issue Tracking, Permissions Required, Vendor Advisory
Impacted products
Vendor Product Version
tianocore edk2 201905



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:201905:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A3F577A-A397-4185-B477-C31065B6F598",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.",
      },
      {
         lang: "es",
         value: "La clave privada cifrada Example EDK2 en el archivo IpSecDxe.efi presenta riesgos potenciales de seguridad",
      },
   ],
   id: "CVE-2021-28213",
   lastModified: "2024-11-21T05:59:22.620",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-11T16:15:12.570",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Issue Tracking",
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1866",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-01-03 22:15
Modified
2024-11-21 06:17
Summary
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
References
infosec@edk2.groups.io | https://bugzilla.tianocore.org/show_bug.cgi?id=3499 | Issue Tracking, Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.tianocore.org/show_bug.cgi?id=3499 | Issue Tracking, Permissions Required, Third Party Advisory
Impacted products
Vendor Product Version
tianocore edk2 201808
tianocore edk2 201811
tianocore edk2 201903
tianocore edk2 201905
tianocore edk2 201908
tianocore edk2 201911
tianocore edk2 202002
tianocore edk2 202005
tianocore edk2 202008
tianocore edk2 202011
tianocore edk2 202102
tianocore edk2 202105



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:201808:*:*:*:*:*:*:*",
                     matchCriteriaId: "8757385B-6944-488F-B565-417A37C24774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:201811:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5C29B4B-635D-498E-BFA0-C99810C7867F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:201903:*:*:*:*:*:*:*",
                     matchCriteriaId: "A599E9E7-B318-4C66-A2F8-6137DE9EF8AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:201905:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A3F577A-A397-4185-B477-C31065B6F598",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:201908:*:*:*:*:*:*:*",
                     matchCriteriaId: "76E6EC0C-BA9E-47AD-9A8E-D40BE97CAAFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:201911:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AFB7F1-63CF-4E11-8FD5-1E8D054616CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:202002:*:*:*:*:*:*:*",
                     matchCriteriaId: "02217318-D1DB-41BB-BE48-89BC3F0FA38C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:202005:*:*:*:*:*:*:*",
                     matchCriteriaId: "5193EFCE-3330-48FA-8C63-4CE328A2D339",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:202008:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C45BEB6-1F89-4813-B2CF-90639F9CE525",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:202011:*:*:*:*:*:*:*",
                     matchCriteriaId: "C76CE4FB-3BDE-464B-9807-093839D6DB24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:202102:*:*:*:*:*:*:*",
                     matchCriteriaId: "063761E2-5C4D-480F-90FE-41D5ECC35E94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:202105:*:*:*:*:*:*:*",
                     matchCriteriaId: "07F01519-D5C8-4BEE-A89B-8090F9A415CF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.",
      },
      {
         lang: "es",
         value: "Un error de la BIOS en el firmware de un determinado modelo de PC deja vacío el valor de autorización de la plataforma. Esto puede ser usado para brickear permanentemente el TPM de múltiples maneras, así como para DoS no permanente del sistema",
      },
   ],
   id: "CVE-2021-38576",
   lastModified: "2024-11-21T06:17:33.457",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-01-03T22:15:09.903",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Issue Tracking",
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3499",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 16:15
Modified
2024-11-21 08:26
Summary
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
      },
      {
         lang: "es",
         value: "EDK2's Network Package es susceptible a una vulnerabilidad de lectura fuera de los límites cuando procesa la opción IA_NA o IA_TA en un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad.",
      },
   ],
   id: "CVE-2023-45229",
   lastModified: "2024-11-21T08:26:35.603",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T16:15:11.533",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-09 16:15
Modified
2025-02-13 17:15
Summary
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.",
      },
      {
         lang: "es",
         value: "EDK2 es susceptible a una vulnerabilidad en la función Tcg2MeasureGptTable(), lo que permite a un usuario desencadenar un desbordamiento de búfer de almacenamiento dinámico a través de una red local. La explotación exitosa de esta vulnerabilidad puede resultar en un compromiso de confidencialidad, integridad y/o disponibilidad.",
      },
   ],
   id: "CVE-2022-36763",
   lastModified: "2025-02-13T17:15:41.607",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.1,
            impactScore: 5.3,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-09T16:15:43.053",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-122",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-09 16:15
Modified
2025-02-13 17:15
Summary
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.",
      },
      {
         lang: "es",
         value: "EDK2 es susceptible a una vulnerabilidad en la función CreateHob(), lo que permite a un usuario activar un desbordamiento de enteros para desbordar el búfer a través de una red local. La explotación exitosa de esta vulnerabilidad puede resultar en un compromiso de confidencialidad, integridad y/o disponibilidad.",
      },
   ],
   id: "CVE-2022-36765",
   lastModified: "2025-02-13T17:15:41.883",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.1,
            impactScore: 5.3,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-09T16:15:43.500",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-680",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-31 16:15
Modified
2024-11-21 02:11
Summary
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.
References
cret@cert.org http://www.kb.cert.org/vuls/id/552286 Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/552286 Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
tianocore edk2 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97ADE942-4E59-42FE-A941-6923025B04D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.",
      },
      {
         lang: "es",
         value: "Múltiples desbordamientos de enteros en la fase de arranque de Pre-EFI Initialization (PEI) en la funcionalidad Capsule Update en la implementación de UEFI en EDK2, permiten a atacantes físicamente próximos omitir las restricciones de acceso previstas al proporcionar datos diseñados que no son manejados apropiadamente durante la fase de fusión.",
      },
   ],
   id: "CVE-2014-4860",
   lastModified: "2024-11-21T02:11:00.310",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "HIGH",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-31T16:15:10.377",
   references: [
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/552286",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/552286",
      },
   ],
   sourceIdentifier: "cret@cert.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-11-23 17:15
Modified
2024-11-21 04:26
Summary
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
Impacted products
Vendor Product Version
tianocore edk2 -
debian debian_linux 9.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97ADE942-4E59-42FE-A941-6923025B04D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de uso de la memoria previamente liberada en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios, una divulgación de información y/o una denegación de servicio por medio de un acceso adyacente",
      },
   ],
   id: "CVE-2019-14586",
   lastModified: "2024-11-21T04:26:59.430",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.2,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 5.1,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-23T17:15:12.047",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1995",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1995",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:59
Summary
An unlimited recursion in DxeCore in EDK II.
References
infosec@edk2.groups.io https://bugzilla.tianocore.org/show_bug.cgi?id=1743 Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.tianocore.org/show_bug.cgi?id=1743 Exploit, Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0242CC2-68D7-42BA-9163-7F40AACA65CF",
                     versionEndExcluding: "202008",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An unlimited recursion in DxeCore in EDK II.",
      },
      {
         lang: "es",
         value: "Una recursión ilimitada en la función DxeCore en EDK II",
      },
   ],
   id: "CVE-2021-28210",
   lastModified: "2024-11-21T05:59:22.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-11T16:15:12.430",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1743",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1743",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-674",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-674",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-09 16:15
Modified
2025-02-13 17:15
Summary
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.",
      },
      {
         lang: "es",
         value: "EDK2 es susceptible a una vulnerabilidad en la función Tcg2MeasurePeImage(), lo que permite a un usuario desencadenar un desbordamiento de búfer de almacenamiento dinámico a través de una red local. La explotación exitosa de esta vulnerabilidad puede resultar en un compromiso de confidencialidad, integridad y/o disponibilidad.",
      },
   ],
   id: "CVE-2022-36764",
   lastModified: "2025-02-13T17:15:41.763",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.1,
            impactScore: 5.3,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-09T16:15:43.327",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-122",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 16:15
Modified
2025-02-13 18:15
Summary
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
      },
      {
         lang: "es",
         value: "EDK2's Network Package es susceptible a Initial Sequence Number TCP predecible. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad.",
      },
   ],
   id: "CVE-2023-45236",
   lastModified: "2025-02-13T18:15:30.720",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T16:15:12.820",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-338",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 16:15
Modified
2025-02-13 18:15
Summary
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.",
      },
      {
         lang: "es",
         value: "EDK2's Network Package es susceptible a una vulnerabilidad de bucle infinito al analizar opciones desconocidas en el encabezado Destination Options de IPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de disponibilidad.",
      },
   ],
   id: "CVE-2023-45232",
   lastModified: "2025-02-13T18:15:29.863",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T16:15:12.090",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-835",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-835",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-03 22:15
Modified
2024-11-21 06:17
Summary
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
Impacted products
Vendor Product Version
tianocore edk2 *
insyde kernel 5.0
insyde kernel 5.1
insyde kernel 5.2
insyde kernel 5.3
insyde kernel 5.4
insyde kernel 5.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2B1E98B-2D63-42E3-B6F8-139CC32BA4B0",
                     versionEndIncluding: "202202",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFCC4619-B867-4E23-AF05-FF92B43628AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB40061A-BEDF-4D72-BF2D-D1B10EB80A60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D6AFE61-A2A4-49DF-A8EE-B2F425DA7A08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D21132C0-F2CF-4134-A165-926155031913",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6549F7F1-A438-4C84-9D66-C89C697E2A9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:insyde:kernel:5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE339FA1-8572-4365-B420-530D62686C08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.",
      },
      {
         lang: "es",
         value: "Unas comprobaciones existentes de CommBuffer en SmmEntryPoint no detectan el desbordamiento cuando es calculado BufferSize",
      },
   ],
   id: "CVE-2021-38578",
   lastModified: "2024-11-21T06:17:33.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 6,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-03T22:15:08.423",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3387",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2023024",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3387",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.insyde.com/security-pledge/SA-2023024",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-124",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 16:15
Modified
2025-02-13 18:15
Summary
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CEB3105-57CC-4096-81D3-D58005813C4B",
                     versionEndIncluding: "202311",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
      },
      {
         lang: "es",
         value: "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de búfer a través de una opción de ID de servidor larga en el cliente DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad, integridad y/o disponibilidad.",
      },
   ],
   id: "CVE-2023-45230",
   lastModified: "2025-02-13T18:15:29.630",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.5,
            source: "infosec@edk2.groups.io",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T16:15:11.727",
   references: [
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "infosec@edk2.groups.io",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "infosec@edk2.groups.io",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
      },
   ],
   sourceIdentifier: "infosec@edk2.groups.io",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "infosec@edk2.groups.io",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-28 15:15
Modified
2024-11-21 03:28
Summary
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Impacted products
Vendor Product Version
tianocore edk2 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3635374D-FD01-4005-97EE-6722A7F3E416",
                     versionEndExcluding: "2017-11-07",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.",
      },
      {
         lang: "es",
         value: "La comprobación de límites en Tianocompress en versiones anteriores al 7 de noviembre de 2017 puede permitir que un usuario autenticado permita potencialmente una escalada de privilegios mediante el acceso local.",
      },
   ],
   id: "CVE-2017-5731",
   lastModified: "2024-11-21T03:28:18.473",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-28T15:15:13.083",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=686",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.tianocore.org/show_bug.cgi?id=686",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2023-45230
Vulnerability from cvelistv5
Published
2024-01-16 16:08
Modified
2025-02-13 17:13
Summary
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Impacted products
Vendor Product Version
TianoCore edk2 Version: edk2-stable202308


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:14:19.957Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "edk2",
                  vendor: "tianocore",
                  versions: [
                     {
                        status: "affected",
                        version: "edk2-stable202308",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-45230",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-22T15:55:11.645108Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-787",
                        description: "CWE-787 Out-of-bounds Write",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-22T15:59:09.651Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202308",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Quarkslab Vulnerability Reports Team",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
                  },
               ],
               value: "EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-540",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-540 Overread Buffers",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T02:06:15.223Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            },
            {
               url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Buffer Overflow in EDK II Network Package",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2023-45230",
      datePublished: "2024-01-16T16:08:01.058Z",
      dateReserved: "2023-10-05T20:48:19.877Z",
      dateUpdated: "2025-02-13T17:13:53.699Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-45234
Vulnerability from cvelistv5
Published
2024-01-16 16:14
Modified
2025-02-13 17:13
Summary
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Impacted products
Vendor Product Version
TianoCore edk2 Version: edk2-stable202308


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:14:19.990Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202308",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Quarkslab Vulnerability Reports Team",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
                  },
               ],
               value: "EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-540",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-540 Overread Buffers",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T02:06:18.934Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            },
            {
               url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Buffer Overflow in EDK II Network Package",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2023-45234",
      datePublished: "2024-01-16T16:14:28.209Z",
      dateReserved: "2023-10-05T20:48:19.879Z",
      dateUpdated: "2025-02-13T17:13:56.182Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14559
Vulnerability from cvelistv5
Published
2020-11-23 15:50
Modified
2024-08-05 00:19
Severity ?
Summary
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
Impacted products
Vendor Product Version
n/a Extensible Firmware Interface Development Kit (EDK II) Version: EDK II


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.363Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
               },
               {
                  name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Extensible Firmware Interface Development Kit (EDK II)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "EDK II",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-29T21:06:27",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
            },
            {
               name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2019-14559",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Extensible Firmware Interface Development Kit (EDK II)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "EDK II",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
                  },
                  {
                     name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2019-14559",
      datePublished: "2020-11-23T15:50:32",
      dateReserved: "2019-08-03T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.363Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-38575
Vulnerability from cvelistv5
Published
2021-12-01 00:00
Modified
2024-08-04 01:44
Severity ?
Summary
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
Impacted products
Vendor Product Version
TianoCore EDK II Version: unspecified   <= edk2-stable202105


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:44:23.483Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3356",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2023025",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "EDK II",
               vendor: "TianoCore",
               versions: [
                  {
                     lessThanOrEqual: "edk2-stable202105",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-124",
                     description: "A case of CWE-124, CWE-680, and CWE-252 is occurring in NetworkPkg/IScsiDxe.",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-23T00:00:00",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3356",
            },
            {
               url: "https://www.insyde.com/security-pledge/SA-2023025",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2021-38575",
      datePublished: "2021-12-01T00:00:00",
      dateReserved: "2021-08-11T00:00:00",
      dateUpdated: "2024-08-04T01:44:23.483Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14553
Vulnerability from cvelistv5
Published
2020-11-23 15:50
Modified
2024-08-05 00:19
Severity ?
Summary
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
References
Impacted products
Vendor Product Version
n/a Extensible Firmware Interface Development Kit (EDK II) Version: EDK II


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.314Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=960",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Extensible Firmware Interface Development Kit (EDK II)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "EDK II",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "information disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-11-23T15:50:19",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=960",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2019-14553",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Extensible Firmware Interface Development Kit (EDK II)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "EDK II",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "information disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=960",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=960",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2019-14553",
      datePublished: "2020-11-23T15:50:19",
      dateReserved: "2019-08-03T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.314Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36765
Vulnerability from cvelistv5
Published
2024-01-09 16:10
Modified
2025-02-13 16:32
Summary
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Impacted products
Vendor Product Version
TianoCore edk2 Version: *


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:14:28.445Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     lessThanOrEqual: "202311",
                     status: "affected",
                     version: "*",
                     versionType: "Stable",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2 is susceptible to a vulnerability in the CreateHob<code>()</code> function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.",
                  },
               ],
               value: "EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-680",
                     description: "CWE-680: Integer Overflow to Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T02:06:08.073Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Integer Overflow in CreateHob",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2022-36765",
      datePublished: "2024-01-09T16:10:16.350Z",
      dateReserved: "2022-07-25T19:43:11.215Z",
      dateUpdated: "2025-02-13T16:32:51.743Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14584
Vulnerability from cvelistv5
Published
2021-06-03 19:56
Modified
2024-08-05 00:19
Severity ?
Summary
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor Product Version
n/a Tianocore EDK2 Version: See reference


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.364Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1889486",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Tianocore EDK2",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "See reference",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "escalation of privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-03T19:56:01",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1889486",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2019-14584",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Tianocore EDK2",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "See reference",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "escalation of privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1889486",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1889486",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2019-14584",
      datePublished: "2021-06-03T19:56:01",
      dateReserved: "2019-08-03T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.364Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-4859
Vulnerability from cvelistv5
Published
2020-01-31 15:08
Modified
2024-08-06 11:27
Severity ?
Summary
Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
References
http://www.kb.cert.org/vuls/id/552286 (x_refsource_MISC)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T11:27:36.851Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/552286",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SCT3",
               vendor: "Phoenix Technologies Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "before 5/23/2014",
                  },
               ],
            },
            {
               product: "BIOS",
               vendor: "American Megatrends Incorporated (AMI)",
               versions: [
                  {
                     status: "affected",
                     version: "unknown",
                  },
               ],
            },
         ],
         datePublic: "2014-08-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer Overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-31T15:08:20",
            orgId: "37e5125f-f79b-445b-8fad-9564f167944b",
            shortName: "certcc",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.kb.cert.org/vuls/id/552286",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               ID: "CVE-2014-4859",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SCT3",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 5/23/2014",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Phoenix Technologies Ltd.",
                     },
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "BIOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "unknown",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "American Megatrends Incorporated (AMI)",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.kb.cert.org/vuls/id/552286",
                     refsource: "MISC",
                     url: "http://www.kb.cert.org/vuls/id/552286",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b",
      assignerShortName: "certcc",
      cveId: "CVE-2014-4859",
      datePublished: "2020-01-31T15:08:20",
      dateReserved: "2014-07-10T00:00:00",
      dateUpdated: "2024-08-06T11:27:36.851Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-1298
Vulnerability from cvelistv5
Published
2024-05-30 20:46
Modified
2025-03-07 00:10
Summary
EDK2 contains a vulnerability when S3 sleep is activated where an attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
Impacted products
Vendor Product Version
TianoCore edk2 Version: 0   < edk2-stable202405


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2025-03-07T00:10:43.273Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN/",
               },
               {
                  url: "https://security.netapp.com/advisory/ntap-20250306-0002/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "edk2",
                  vendor: "tianocore",
                  versions: [
                     {
                        lessThan: "edk2-stable202405",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-1298",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-13T14:21:54.741794Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-13T18:23:43.259Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     lessThan: "edk2-stable202405",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Binarly",
            },
         ],
         datePublic: "2024-05-30T14:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.</p>",
                  },
               ],
               value: "EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-128",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-128 Integer Attacks",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-369",
                     description: "CWE-369 Divide By Zero",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-11T03:06:08.043Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN/",
            },
         ],
         source: {
            advisory: "BRLY-2023-021",
            discovery: "EXTERNAL",
         },
         title: "Integer Overflow caused by divide by zero during S3 suspension",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2024-1298",
      datePublished: "2024-05-30T20:46:21.627Z",
      dateReserved: "2024-02-06T22:34:56.196Z",
      dateUpdated: "2025-03-07T00:10:43.273Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-45232
Vulnerability from cvelistv5
Published
2024-01-16 16:12
Modified
2025-02-13 17:13
Summary
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
Impacted products
Vendor Product Version
TianoCore edk2 Version: edk2-stable202308


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:14:19.743Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202308",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Quarkslab Vulnerability Reports Team",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.",
                  },
               ],
               value: "EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-835",
                     description: "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T02:06:11.467Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            },
            {
               url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Infinite loop in EDK II Network Package",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2023-45232",
      datePublished: "2024-01-16T16:12:32.584Z",
      dateReserved: "2023-10-05T20:48:19.878Z",
      dateUpdated: "2025-02-13T17:13:55.119Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-38796
Vulnerability from cvelistv5
Published
2024-09-27 21:45
Modified
2024-12-06 13:09
Summary
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
Impacted products
Vendor Product Version
TianoCore EDK2 Version: 0   ≤ edk2-stable202405


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-38796",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T13:57:08.880843Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T13:57:22.176Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-12-06T13:09:30.427Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://security.netapp.com/advisory/ntap-20241206-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               packageName: "MdePkg",
               product: "EDK2",
               vendor: "TianoCore",
               versions: [
                  {
                     lessThanOrEqual: "edk2-stable202405",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.</p>",
                  },
               ],
               value: "EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122 Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-27T21:45:00.730Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Integer overflow in PeCoffLoaderRelocateImage",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2024-38796",
      datePublished: "2024-09-27T21:45:00.730Z",
      dateReserved: "2024-06-19T17:05:09.904Z",
      dateUpdated: "2024-12-06T13:09:30.427Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-28210
Vulnerability from cvelistv5
Published
2021-06-11 15:11
Modified
2024-08-03 21:40
Severity ?
Summary
An unlimited recursion in DxeCore in EDK II.
References
Impacted products
Vendor Product Version
TianoCore EDK II Version: unspecified   ≤ edk2-stable202008


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T21:40:12.971Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1743",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "EDK II",
               vendor: "TianoCore",
               versions: [
                  {
                     lessThanOrEqual: "edk2-stable202008",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An unlimited recursion in DxeCore in EDK II.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-674",
                     description: "A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption.",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-11T15:11:23",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1743",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "infosec@edk2.groups.io",
               ID: "CVE-2021-28210",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "EDK II",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_value: "edk2-stable202008",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "TianoCore",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An unlimited recursion in DxeCore in EDK II.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=1743",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1743",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2021-28210",
      datePublished: "2021-06-11T15:11:23",
      dateReserved: "2021-03-12T00:00:00",
      dateUpdated: "2024-08-03T21:40:12.971Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-45233
Vulnerability from cvelistv5
Published
2024-01-16 16:13
Modified
2025-02-13 17:13
Summary
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
Impacted products
Vendor Product Version
TianoCore edk2 Version: edk2-stable202308


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:14:20.140Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202308",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Quarkslab Vulnerability Reports Team",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.",
                  },
               ],
               value: "EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-835",
                     description: "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T02:06:17.031Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            },
            {
               url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Infinite loop in EDK II Network Package",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2023-45233",
      datePublished: "2024-01-16T16:13:50.113Z",
      dateReserved: "2023-10-05T20:48:19.878Z",
      dateUpdated: "2025-02-13T17:13:55.661Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-45229
Vulnerability from cvelistv5
Published
2024-01-16 16:07
Modified
2025-02-13 17:13
Summary
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Impacted products
Vendor Product Version
TianoCore edk2 Version: edk2-stable202308


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:14:19.771Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202308",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Quarkslab Vulnerability Reports Team",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
                  },
               ],
               value: "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-540",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-540 Overread Buffers",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-07T17:06:42.254Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            },
            {
               url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Out-of-Bounds Read in EDK II Network Package",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2023-45229",
      datePublished: "2024-01-16T16:07:31.826Z",
      dateReserved: "2023-10-05T20:48:19.877Z",
      dateUpdated: "2025-02-13T17:13:53.156Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-8271
Vulnerability from cvelistv5
Published
2020-02-06 14:03
Modified
2024-08-06 13:10
Severity ?
Summary
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.
References
Impacted products
Vendor Product Version
Tianocore EDK2 Version: before SVN 16280


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:10:51.117Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/p/edk2/code/16280/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/533140",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "EDK2",
               vendor: "Tianocore",
               versions: [
                  {
                     status: "affected",
                     version: "before SVN 16280",
                  },
               ],
            },
         ],
         datePublic: "2014-12-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Buffer Overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-06T14:03:57",
            orgId: "37e5125f-f79b-445b-8fad-9564f167944b",
            shortName: "certcc",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://sourceforge.net/p/edk2/code/16280/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.kb.cert.org/vuls/id/533140",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               ID: "CVE-2014-8271",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "EDK2",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before SVN 16280",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Tianocore",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Buffer Overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://sourceforge.net/p/edk2/code/16280/",
                     refsource: "MISC",
                     url: "http://sourceforge.net/p/edk2/code/16280/",
                  },
                  {
                     name: "http://www.kb.cert.org/vuls/id/533140",
                     refsource: "MISC",
                     url: "http://www.kb.cert.org/vuls/id/533140",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b",
      assignerShortName: "certcc",
      cveId: "CVE-2014-8271",
      datePublished: "2020-02-06T14:03:57",
      dateReserved: "2014-10-12T00:00:00",
      dateUpdated: "2024-08-06T13:10:51.117Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-12546
Vulnerability from cvelistv5

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.



{
   containers: {
      cna: {
         providerMetadata: {
            dateUpdated: "2025-03-13T02:48:27.217Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         rejectedReasons: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
                  },
               ],
               value: "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2024-12546",
      datePublished: "2025-03-11T14:02:41.234Z",
      dateRejected: "2025-03-13T02:48:27.217Z",
      dateReserved: "2024-12-11T21:27:48.898Z",
      dateUpdated: "2025-03-13T02:48:27.217Z",
      state: "REJECTED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36763
Vulnerability from cvelistv5
Published
2024-01-09 16:09
Modified
2025-02-13 16:32
Summary
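EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. Note: the CVSS 3.1 vector in this record rates the attack vector as LOCAL (AV:L) with low privileges required, so weigh exposure against the vector rather than the "local network" wording alone.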
Impacted products
Vendor Product Version
TianoCore edk2 Version: *


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:14:28.563Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     lessThanOrEqual: "202311",
                     status: "affected",
                     version: "*",
                     versionType: "Stable",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2 is susceptible to a vulnerability in the <code>Tcg2MeasureGptTable()</code> function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.",
                  },
               ],
               value: "EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122: Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T02:06:09.743Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Heap Buffer Overflow in Tcg2MeasureGptTable",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2022-36763",
      datePublished: "2024-01-09T16:09:11.058Z",
      dateReserved: "2022-07-25T19:41:56.247Z",
      dateUpdated: "2025-02-13T16:32:50.648Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-45237
Vulnerability from cvelistv5
Published
2024-01-16 16:11
Modified
2025-02-13 17:13
Summary
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Impacted products
Vendor Product Version
TianoCore edk2 Version: edk2-stable202308


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:14:19.957Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-45237",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-13T19:58:00.747301Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-13T19:58:20.536Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202308",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Quarkslab Vulnerability Reports Team",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
                  },
               ],
               value: "EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-13",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-13 Subverting Environment Variable Values",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-338",
                     description: "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-07T17:06:47.741Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Use of a Weak PseudoRandom Number Generator in EDK II Network Package",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2023-45237",
      datePublished: "2024-01-16T16:11:11.556Z",
      dateReserved: "2023-10-05T20:48:19.879Z",
      dateUpdated: "2025-02-13T17:13:57.780Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14562
Vulnerability from cvelistv5
Published
2020-11-23 15:50
Modified
2024-08-05 00:19
Severity ?
Summary
Integer overflow in DxeImageVerificationHandler() in EDK II may allow an authenticated user to potentially enable denial of service via local access.
Impacted products
Vendor Product Version
n/a Extensible Firmware Interface Development Kit (EDK II) Version: EDK II


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.322Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2215",
               },
               {
                  name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Extensible Firmware Interface Development Kit (EDK II)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "EDK II",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-29T21:06:26",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2215",
            },
            {
               name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2019-14562",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Extensible Firmware Interface Development Kit (EDK II)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "EDK II",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=2215",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2215",
                  },
                  {
                     name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2019-14562",
      datePublished: "2020-11-23T15:50:41",
      dateReserved: "2019-08-03T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.322Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-28211
Vulnerability from cvelistv5
Published
2021-06-11 15:11
Modified
2024-08-03 21:40
Severity ?
Summary
A heap overflow in the LzmaUefiDecompressGetInfo function in EDK II.
References
Impacted products
Vendor Product Version
TianoCore EDK II Version: edk2-stable202008


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T21:40:13.314Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1816",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "EDK II",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202008",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function.",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-11T15:11:23",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1816",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "infosec@edk2.groups.io",
               ID: "CVE-2021-28211",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "EDK II",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "edk2-stable202008",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "TianoCore",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=1816",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1816",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2021-28211",
      datePublished: "2021-06-11T15:11:23",
      dateReserved: "2021-03-12T00:00:00",
      dateUpdated: "2024-08-03T21:40:13.314Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-38576
Vulnerability from cvelistv5
Published
2022-01-03 21:07
Modified
2024-08-04 01:44
Severity ?
Summary
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
References
Impacted products
Vendor Product Version
n/a EDK II Version: edk2-stable202105, edk2-stable202102, edk2-stable202011, edk2-stable202008, edk2-stable202005, edk2-stable202002, edk2-stable201911, edk2-stable201908, edk2-stable201905, edk2-stable201903, edk2-stable201811, edk2-stable201808


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:44:23.604Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3499",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "EDK II",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202105, edk2-stable202102, edk2-stable202011, edk2-stable202008, edk2-stable202005, edk2-stable202002, edk2-stable201911, edk2-stable201908, edk2-stable201905, edk2-stable201903, edk2-stable201811, edk2-stable201808",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Security Feature Bypass",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-03T21:07:45",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3499",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "infosec@edk2.groups.io",
               ID: "CVE-2021-38576",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "EDK II",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "edk2-stable202105, edk2-stable202102, edk2-stable202011, edk2-stable202008, edk2-stable202005, edk2-stable202002, edk2-stable201911, edk2-stable201908, edk2-stable201905, edk2-stable201903, edk2-stable201811, edk2-stable201808",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Security Feature Bypass",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=3499",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3499",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2021-38576",
      datePublished: "2022-01-03T21:07:45",
      dateReserved: "2021-08-11T00:00:00",
      dateUpdated: "2024-08-04T01:44:23.604Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14587
Vulnerability from cvelistv5
Published
2020-11-23 16:15
Modified
2024-08-05 00:19
Severity ?
Summary
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Impacted products
Vendor Product Version
n/a Extensible Firmware Interface Development Kit (EDK II) Version: EDK II


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.342Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1989",
               },
               {
                  name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Extensible Firmware Interface Development Kit (EDK II)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "EDK II",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "denial of service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-29T21:06:23",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1989",
            },
            {
               name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2019-14587",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Extensible Firmware Interface Development Kit (EDK II)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "EDK II",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "denial of service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=1989",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1989",
                  },
                  {
                     name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2019-14587",
      datePublished: "2020-11-23T16:15:08",
      dateReserved: "2019-08-03T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.342Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14563
Vulnerability from cvelistv5
Published
2020-11-23 16:11
Modified
2024-08-05 00:19
Severity ?
Summary
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Impacted products
Vendor Product Version
n/a Extensible Firmware Interface Development Kit (EDK II) Version: EDK II


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.365Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2001",
               },
               {
                  name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Extensible Firmware Interface Development Kit (EDK II)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "EDK II",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Escalation of Privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-29T21:06:23",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2001",
            },
            {
               name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2019-14563",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Extensible Firmware Interface Development Kit (EDK II)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "EDK II",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Escalation of Privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=2001",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2001",
                  },
                  {
                     name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2019-14563",
      datePublished: "2020-11-23T16:11:10",
      dateReserved: "2019-08-03T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.365Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-38578
Vulnerability from cvelistv5
Published
2022-03-03 21:53
Modified
2025-04-23 18:59
Summary
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
Impacted products
Vendor Product Version
TianoCore EDK II Version: edk2-stable202208


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:44:23.499Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3387",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.insyde.com/security-pledge/SA-2023024",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-38578",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-23T13:13:33.412696Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-23T18:59:05.792Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "EDK II",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202208",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.</p>",
                  },
               ],
               value: "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-124",
                     description: "A case of CWE-124 is occurring in PiSmmCore.",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-06T00:55:57.322Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=3387",
            },
            {
               url: "https://www.insyde.com/security-pledge/SA-2023024",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2021-38578",
      datePublished: "2022-03-03T21:53:37.000Z",
      dateReserved: "2021-08-11T00:00:00.000Z",
      dateUpdated: "2025-04-23T18:59:05.792Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-28213
Vulnerability from cvelistv5
Published
2021-06-11 15:11
Modified
2024-08-03 21:40
Severity ?
Summary
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
References
Impacted products
Vendor Product Version
TianoCore EDK II Version: edk2-stable201905


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T21:40:12.905Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1866",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "EDK II",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable201905",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Replacing example EDK II encrypted private key stored in PcdIpsecUefiCertificateKey presents potential security risks that will expose manufacturer key pair in EDK II.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-11T15:11:23",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1866",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "infosec@edk2.groups.io",
               ID: "CVE-2021-28213",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "EDK II",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "edk2-stable201905",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "TianoCore",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Replacing example EDK II encrypted private key stored in PcdIpsecUefiCertificateKey presents potential security risks that will expose manufacturer key pair in EDK II.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=1866",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1866",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2021-28213",
      datePublished: "2021-06-11T15:11:23",
      dateReserved: "2021-03-12T00:00:00",
      dateUpdated: "2024-08-03T21:40:12.905Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-4860
Vulnerability from cvelistv5
Published
2020-01-31 15:08
Modified
2024-08-06 11:27
Severity ?
Summary
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.
References
http://www.kb.cert.org/vuls/id/552286 (x_refsource_MISC)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T11:27:36.943Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/552286",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SCT3",
               vendor: "Phoenix Technologies Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "before 5/23/2014",
                  },
               ],
            },
            {
               product: "BIOS",
               vendor: "American Megatrends Incorporated (AMI)",
               versions: [
                  {
                     status: "affected",
                     version: "unknown",
                  },
               ],
            },
         ],
         datePublic: "2014-08-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Other",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-31T15:08:16",
            orgId: "37e5125f-f79b-445b-8fad-9564f167944b",
            shortName: "certcc",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.kb.cert.org/vuls/id/552286",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               ID: "CVE-2014-4860",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SCT3",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 5/23/2014",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Phoenix Technologies Ltd.",
                     },
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "BIOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "unknown",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "American Megatrends Incorporated (AMI)",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Other",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.kb.cert.org/vuls/id/552286",
                     refsource: "MISC",
                     url: "http://www.kb.cert.org/vuls/id/552286",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b",
      assignerShortName: "certcc",
      cveId: "CVE-2014-4860",
      datePublished: "2020-01-31T15:08:16",
      dateReserved: "2014-07-10T00:00:00",
      dateUpdated: "2024-08-06T11:27:36.943Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14586
Vulnerability from cvelistv5
Published
2020-11-23 16:11
Modified
2024-08-05 00:19
Severity ?
Summary
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
Impacted products
Vendor Product Version
n/a Extensible Firmware Interface Development Kit (EDK II) Version: EDK II


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.393Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1995",
               },
               {
                  name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Extensible Firmware Interface Development Kit (EDK II)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "EDK II",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "escalation of privilege, information disclosure, denial of service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-29T21:06:28",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1995",
            },
            {
               name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2019-14586",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Extensible Firmware Interface Development Kit (EDK II)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "EDK II",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "escalation of privilege, information disclosure, denial of service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=1995",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1995",
                  },
                  {
                     name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2019-14586",
      datePublished: "2020-11-23T16:11:27",
      dateReserved: "2019-08-03T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.393Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-38797
Vulnerability from cvelistv5
Published
2025-04-07 17:18
Modified
2025-04-08 16:00
Summary
EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.
Impacted products
Vendor Product Version
TianoCore EDK2 Version: 0, up to and including edk2-stable202408


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-38797",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-08T14:20:28.057758Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-08T16:00:53.582Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               packageName: "SecurityPkg",
               product: "EDK2",
               vendor: "TianoCore",
               versions: [
                  {
                     lessThanOrEqual: "edk2-stable202408",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2025-04-07T17:10:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.</p>",
                  },
               ],
               value: "EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 4.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-04-07T17:18:01.014Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Out-of-bounds Read in HashPeImageByType()",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2024-38797",
      datePublished: "2025-04-07T17:18:01.014Z",
      dateReserved: "2024-06-19T17:05:09.904Z",
      dateUpdated: "2025-04-08T16:00:53.582Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-2295
Vulnerability from cvelistv5
Published
2025-03-14 21:35
Modified
2025-03-18 16:19
Summary
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.
Impacted products
Vendor Product Version
TianoCore EDK2 Version: 0


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-2295",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-17T15:58:41.859962Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-18T16:19:50.500Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               packageName: "NetworkPkg",
               product: "EDK2",
               vendor: "TianoCore",
               versions: [
                  {
                     lessThanOrEqual: "edk2-stable202502",
                     status: "affected",
                     version: "0",
                     versionType: "Custom",
                  },
               ],
            },
         ],
         datePublic: "2025-03-14T21:33:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.",
                  },
               ],
               value: "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-190",
                     description: "CWE-190 Integer Overflow or Wraparound",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-14T21:35:10.484Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Potential iSCSI R2T PDU Vulnerability",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2025-2295",
      datePublished: "2025-03-14T21:35:10.484Z",
      dateReserved: "2025-03-13T18:56:12.506Z",
      dateUpdated: "2025-03-18T16:19:50.500Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36764
Vulnerability from cvelistv5
Published
2024-01-09 16:09
Modified
2025-02-13 16:32
Summary
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Impacted products
Vendor Product Version
TianoCore edk2 Version: *


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:14:28.482Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-36764",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-03-06T21:12:01.620840Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-04T15:13:09.526Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     lessThanOrEqual: "202311",
                     status: "affected",
                     version: "*",
                     versionType: "Stable",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2 is susceptible to a vulnerability in the <code>Tcg2MeasurePeImage()</code> function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.",
                  },
               ],
               value: "EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-122",
                     description: "CWE-122: Heap-based Buffer Overflow",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T02:06:02.819Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Heap Buffer Overflow in Tcg2MeasurePeImage",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2022-36764",
      datePublished: "2024-01-09T16:09:44.836Z",
      dateReserved: "2022-07-25T19:43:11.215Z",
      dateUpdated: "2025-02-13T16:32:51.217Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-45231
Vulnerability from cvelistv5
Published
2024-01-16 16:09
Modified
2025-02-13 17:13
Summary
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing a Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Impacted products
Vendor Product Version
TianoCore edk2 Version: edk2-stable202308


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:14:19.956Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-45231",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-30T18:59:05.991713Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-30T18:59:23.502Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202308",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Quarkslab Vulnerability Reports Team",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing&nbsp; Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
                  },
               ],
               value: "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing  Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-540",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-540 Overread Buffers",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T02:06:13.345Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            },
            {
               url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Out-of-Bounds Read in EDK II Network Package",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2023-45231",
      datePublished: "2024-01-16T16:09:47.914Z",
      dateReserved: "2023-10-05T20:48:19.877Z",
      dateUpdated: "2025-02-13T17:13:54.504Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-45235
Vulnerability from cvelistv5
Published
2024-01-16 16:11
Modified
2025-02-13 17:13
Summary
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling the Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Impacted products
Vendor Product Version
TianoCore edk2 Version: edk2-stable202308


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:14:19.859Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202308",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Quarkslab Vulnerability Reports Team",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2's Network Package is susceptible to a buffer overflow vulnerability when\n\n\n\n\n\nhandling Server ID option \n\n\n\n from a DHCPv6 proxy Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
                  },
               ],
               value: "EDK2's Network Package is susceptible to a buffer overflow vulnerability when\n\n\n\n\n\nhandling Server ID option \n\n\n\n from a DHCPv6 proxy Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-540",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-540 Overread Buffers",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-13T02:06:06.242Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            },
            {
               url: "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Buffer Overflow in EDK II Network Package",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2023-45235",
      datePublished: "2024-01-16T16:11:41.215Z",
      dateReserved: "2023-10-05T20:48:19.879Z",
      dateUpdated: "2025-02-13T17:13:56.722Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5731
Vulnerability from cvelistv5
Published
2019-10-28 14:47
Modified
2024-08-05 15:11
Severity ?
Summary
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
References
Impacted products
Vendor Product Version
n/a Tianocore Version: before November 7, 2017


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:11:48.716Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=686",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Tianocore",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before November 7, 2017",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Escalation of Privilege, Denial of Service, Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-15T14:07:02",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=686",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2017-5731",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Tianocore",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before November 7, 2017",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Escalation of Privilege, Denial of Service, Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=686",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=686",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2017-5731",
      datePublished: "2019-10-28T14:47:35",
      dateReserved: "2017-02-01T00:00:00",
      dateUpdated: "2024-08-05T15:11:48.716Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-45236
Vulnerability from cvelistv5
Published
2024-01-16 16:10
Modified
2025-02-13 17:13
Summary
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Impacted products
Vendor Product Version
TianoCore edk2 Version: edk2-stable202308


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:14:19.966Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "edk2",
               vendor: "TianoCore",
               versions: [
                  {
                     status: "affected",
                     version: "edk2-stable202308",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Quarkslab Vulnerability Reports Team",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Doug Flick",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
                  },
               ],
               value: "EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-13",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-13 Subverting Environment Variable Values",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-07T17:06:52.762Z",
            orgId: "65518388-201a-4f93-8712-366d21fe8d2c",
            shortName: "TianoCore",
         },
         references: [
            {
               url: "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0011/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Predictable TCP ISNs in EDK II Network Package",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "65518388-201a-4f93-8712-366d21fe8d2c",
      assignerShortName: "TianoCore",
      cveId: "CVE-2023-45236",
      datePublished: "2024-01-16T16:10:38.262Z",
      dateReserved: "2023-10-05T20:48:19.879Z",
      dateUpdated: "2025-02-13T17:13:57.262Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14575
Vulnerability from cvelistv5
Published
2020-11-23 16:11
Modified
2024-08-05 00:19
Severity ?
Summary
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Impacted products
Vendor Product Version
n/a Extensible Firmware Interface Development Kit (EDK II) Version: EDK II


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.254Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1608",
               },
               {
                  name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Extensible Firmware Interface Development Kit (EDK II)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "EDK II",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "escalation of privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-29T21:06:24",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1608",
            },
            {
               name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2019-14575",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Extensible Firmware Interface Development Kit (EDK II)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "EDK II",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "escalation of privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=1608",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=1608",
                  },
                  {
                     name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2019-14575",
      datePublished: "2020-11-23T16:11:19",
      dateReserved: "2019-08-03T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.254Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}