A malicious or compromised UApp or ABL can senda malformed system call to the bootloader, which may result in an out-of-boundsmemory access that may potentially lead to an attacker leaking sensitiveinformation or achieving code execution.
9.8CVSS
9.4AI Score
0.003EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
4.4CVSS
4.5AI Score
0.0004EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
5.5CVSS
5AI Score
0.0004EPSS