Tianocore: >> Edk2 >> 2017-11-07 Security Vulnerabilities
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
CVSS Score
7.0
EPSS Score
0.0
Published
2024-01-09
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
CVSS Score
7.0
EPSS Score
0.0
Published
2024-01-09
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
CVSS Score
7.4
EPSS Score
0.001
Published
2022-03-03
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
CVSS Score
8.1
EPSS Score
0.006
Published
2021-12-01
An unlimited recursion in DxeCore in EDK II.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-11
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-03
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.
CVSS Score
6.8
EPSS Score
0.002
Published
2020-02-06
Page 2