Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase
in the Capsule Update feature in the UEFI implementation in EDK2 allow
physically proximate attackers to bypass intended access restrictions by
providing crafted data that is not properly handled during the coalescing
phase.