edk2 security update

An update is available for edk2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK Embedded Development Kit is a project to enable UEFI support for Virtual...

Ubuntu EDK2 安全漏洞

Ubuntu EDK2 is an open source firmware development kit for Ubuntu. A security vulnerability exists in Ubuntu edk2 that stems from the Secure Boot environment that allows access to the UEFI Shell, which could lead to Secure Boot constraints being bypassed...

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. EDK2 suffers from a security vulnerability that stems from allowing insecure default settings that allow an attacker to bypass secure boot...

EDK2 Buffer Error Vulnerability

EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from Network Package being susceptible to a buffer overflow vulnerability due to the long server ID option in the DHCP...

EDK2 Buffer Error Vulnerability

EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from the Network Package's susceptibility to a buffer overflow vulnerability when handling the DNS server option in...

AZL-39559 CVE-2022-36763 affecting package hvloader for versions less than 1.0.1-3

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

DEBIAN-CVE-2019-14559

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access...

EDK2 Security Bypass Vulnerability

EDK2 is a set of cross-platform firmware development environment based on UEFI and PI specifications. A security bypass vulnerability exists in EDK2. A remote attacker could exploit this vulnerability to cause an affected application to crash, resulting in a denial of service or bypass security...

EDK2 Memory Write Vulnerability

EDK2 is a set of cross-platform firmware development environment based on UEFI and PI specifications. A security vulnerability exists in EDK2's SMM service that stems from the program's failure to adequately perform memory write checks. A local attacker could exploit the vulnerability to elevate...

DEBIAN-CVE-2018-12183

Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

UBUNTU-CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...