| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. |
| A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. |
| NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. |
| BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. |
| An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. |
| An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. |
| Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. |
| A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. |
| An unlimited recursion in DxeCore in EDK II. |
| Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. |
| Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. |
| Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. |
| Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. |
| Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. |
| Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. |
| Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. |
