8 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : EDK II vulnerabilities (USN-7894-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7894-1 advisory. It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue...
Alibaba Cloud Linux 3 : 0098: edk2 (ALINUX3-SA-2022:0098)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0098 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-14553: Improper authentication in...
Important: edk2
Issue Overview: A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. CVE-2021-28211 BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. CVE-2021-28216 A BIOS bug in firmware for a particular PC model...
USN-7060-1 edk2 vulnerabilities
It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. A local attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2019-0161 Laszlo Ersek discovered that E...
USN-7060-1: EDK II vulnerabilities
It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. A local attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2019-0161 Laszlo Ersek discovered that E...
Ubuntu 20.04 LTS : EDK II vulnerabilities (USN-4923-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4923-1 advisory. Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources,...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : EDK II vulnerabilities (USN-4684-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4684-1 advisory. Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a...
CVE-2018-12183
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...