Dec 07, 2023 - 10:45 p.m.

Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to TianoCore EDK II BIOS Vulnerability (CVE-2018-12182)

2023-12-07 22:45:03
www.ibm.com
ibm
uefi
tianocore edk ii
bios
vulnerability
cve-2018-12182
fix central
flex system
system x3850
system x3950

CVSS3: 6.7 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 23.9%

Summary

IBM has released the following Unified Extensible Firmware Interface (UEFI) fixes for System x and Flex systems in response to the TianoCore EDK II BIOS Vulnerability listed below.

Vulnerability Details

CVEID: CVE-2018-12182
DESCRIPTION: TianoCore EDK II BIOS could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper memory write check in SMM service. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges, obtain sensitive information or cause a denial of service condition.
CVSS Base Score: 8.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161214> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Product | Affected Version
---|---
Flex System x280, x480, x880 7903 | n2e1
System x3850 x6 3837/3839; System x3950 x6 3839 | a8e1

Remediation/Fixes

Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/

Product | Fixed Version
---|---
Flex System x280, x480, x880 7903 (ibm_fw_uefi_n2e134d-2.10_anyos_32-64) | n2e134d-2.10
System x3850 x6 3837/3839; System x3950 x6 3839 (ibm_fw_uefi_a8e132d-1.90_anyos_32-64) | a8e132d-1.90

Workarounds and Mitigations

None
