OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)
edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)
edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)
edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)
edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)
edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)
openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)
edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)
edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.