EUVD-2019-5745

Malware in sbrugna...

EUVD-2014-8112

Malware in sbrugna...

ROS-20250930-06

Tianocore EDK2 library vulnerability is related to insecure IDT register handling during SMM login. Exploitation of the vulnerability allows an attacker to escalate privileges in the system...

TianoCore EDK II BIOS Vulnerability - Lenovo Support US

No description provided...

EDK2 安全漏洞

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from an out-of-bounds read in the HashPeImageByType function, which could lead to a loss of integrity and...

EDK2 输入验证错误漏洞

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from an integer overflow or wrap-around error that could result in a denial of service...

编号撤回

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. This CVE number has been withdrawn...

Null pointer dereference in Tianocore EDK2

...

ROS-20241017-06

A vulnerability in the PeCoffLoaderRelocateImage function of the Tianocore EDK2 library is related to the invocation of memory corruption memory due to overflow through a contiguous network. Exploitation of the vulnerability allows an attacker acting remotely to gain unauthorized access to...

EDK2 安全漏洞

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that originates in the PeCoffLoaderRelocateImage function, where an attacker may be able to cause memory corruption via a...

ROS-20240625-06

Vulnerability in TCP Initial Sequence Number Handler component of Tianocore EDK2 library is related to buffer overflow. buffer overflow. Exploitation of the vulnerability allows an attacker acting remotely to gain unauthorized access to confidential data. Unauthorized access to confidential data...

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2, which stems from the fact that S3 is activated during sleep, and can be exploited by an attacker to cause a loss of...

CVE-2024-26678

CVE-2024-26678 affects the Linux kernel’s x86/efistub pathway. The vulnerability arises from using a 1:1 file:memory mapping for the PE/COFF .compat section, which is an 8-byte dummy section containing the 32-bit entrypoint address of a 64-bit kernel image when booted from 32-bit firmware (CONFIG...

CVE-2024-26678

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface UEFI specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside...

CVE-2023-45232

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from Network Package's susceptibility to a buffer overflow vulnerability when handling the server ID option in...

EDK2 Buffer Error Vulnerability

EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from Network Package being susceptible to a buffer overflow vulnerability due to the long server ID option in the DHCP...

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from the Network Package's susceptibility to an out-of-bounds read vulnerability when handling neighbor...

PT-2024-1144

Name of the Vulnerable Software and Affected Versions: EDK2 affected versions not specified Description: The issue is related to a buffer overflow vulnerability in the Dhcp6SendRequestMsg function of the Tianocore edk2 library, specifically in the NetworkPkg/Dhcp6Dxe/Dhcp6Io.c file. This...