4 matches found
CVE-2014-4860
Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...
CVE-2014-4860
CVE-2014-4860 is an integer overflow vulnerability in the Pre-EFI Initialization (PEI) capsule update coalescing phase of the UEFI/EDK2 implementation. The issue arises when the capsule update is coalesced back to its original form, enabling a write-what-where condition and potential bypass of ac...
UEFI EDK2 Capsule Update Vulnerabilities
Lenovo Security Advisory: LEN-2014-001 Potential Impact: Execution of arbitrary code Severity: Medium Summary: The EDK2 UEFI reference implementation contains multiple vulnerabilities in the Capsule Update mechanism. Description: The open source EDK2 project provides a reference implementation of...
SOL15679 - UEFI EDK2 Capsule Update vulnerabilities CVE-2014-4859 / CVE-2014-4860
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...