Information disclosure

🗓️ 27 Mar 2019 20:29:00Reported by PRIOn knowledge baseType

Logic issue in EDK II/UDK2018/UDK2017/UDK2015 variable service module may allow escalation of privilege, information disclosure and denial of service via local acces

Reporter	Title	Published	Views	Family All 60
Tenable Nessus	Amazon Linux 2 : edk2 (ALAS-2019-1273)	28 Aug 201900:00	–	nessus
Tenable Nessus	CentOS 7 : ovmf (CESA-2019:2125)	30 Aug 201900:00	–	nessus
Tenable Nessus	Fedora 30 : edk2 (2019-3b96bb5186)	2 May 201900:00	–	nessus
Tenable Nessus	Fedora 29 : edk2 (2019-bff1cbaba3)	29 Aug 202500:00	–	nessus
Tenable Nessus	MiracleLinux 7 : ovmf-20180508-6.gitee3198e672e2.el7 (AXSA:2019-4031:02)	16 Jan 202600:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Multiple Vulnerabilities (NS-SA-2019-0218)	2 Dec 201900:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.05 / MAIN 5.05 : ovmf Multiple Vulnerabilities (NS-SA-2019-0239)	31 Dec 201900:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.05 / MAIN 5.05 : ovmf Multiple Vulnerabilities (NS-SA-2021-0180)	27 Oct 202100:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Multiple Vulnerabilities (NS-SA-2022-0009)	9 May 202200:00	–	nessus
Tenable Nessus	openSUSE Security Update : ovmf (openSUSE-2018-1590)	24 Dec 201800:00	–	nessus

Source	Link
edk2-docs	www.edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/
support	www.support.hpe.com/hpsc/doc/public/display
access	www.access.redhat.com/errata/RHSA-2019:2125