HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2018-3613

CVSS 7.8v3.0pub. 2019-03-27upd. 2024-11-21

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Tianocore Edk Ii

    APP
    Tianocore
    udk2015udk2017udk2018
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2019-0160CRITICAL9.8ten sam produkt

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation ...

CVE-2018-12178CRITICAL9.1ten sam produkt

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of pr...

CVE-2021-28216HIGH7.8ten sam produkt

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDa...

CVE-2018-12180HIGH8.8ten sam produkt

Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalati...

CVE-2018-12179HIGH7.8ten sam produkt

Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable esca...