It was discovered that EDK II was not properly performing bounds checks in Tianocompress, which could lead to a buffer overflow. An authenticated user could use this issue to potentially escalate their privileges via local access. (CVE-2017-5731) It was discovered that EDK II had an insufficient memory write check in the SMM service, which could lead to a page fault occurring. An authenticated user could use this issue to potentially escalate their privileges, disclose information and/or create a denial of service via local access. (CVE-2018-12182) It was discovered that EDK II incorrectly handled memory in DxeCore, which could lead to a stack overflow. An unauthenticated user could this issue to potentially escalate their privileges, disclose information and/or create a denial of service via local access. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-12183) It was discovered that EDK II incorrectly handled memory in the Variable service under certain circumstances. An authenticated user could use this issue to potentially escalate their privileges, disclose information and/or create a denial of service via local access. (CVE-2018-3613) It was discovered that EDK II incorrectly handled memory in its system firmware, which could lead to a buffer overflow. An unauthenticated user could use this issue to potentially escalate their privileges and/or create a denial of service via network access. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-0160)
Continue reading...
Continue reading...
![WireFrame26 [Leaven13]](/data/avatars/s/227/227998.jpg?1781039524){kind=avatar}
