Latest tianocore edk2 Vulnerabilities

CVE-2023-45229
Out-of-Bounds Read in EDK II Network Package
<=202311
CVE-2023-45230
Buffer Overflow in EDK II Network Package
Tianocore EDK II
ubuntu/edk2<0~20191122.
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
ubuntu/edk2<2023.05-2ubuntu0.1
Tianocore EDK2<=202311
debian/edk2<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6
and 1 more
CVE-2023-45235
Buffer Overflow in EDK II Network Package
Tianocore EDK II
ubuntu/edk2<2023.05-2ubuntu0.1
ubuntu/edk2<0~20191122.
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
Tianocore EDK2<=202311
debian/edk2<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6
and 1 more
CVE-2023-45232
Infinite loop in EDK II Network Package
Tianocore EDK2<=202311
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
ubuntu/edk2<0~20191122.
ubuntu/edk2<2023.05-2ubuntu0.1
debian/edk2<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6
CVE-2023-45231
Out-of-Bounds Read in EDK II Network Package
Tianocore EDK2<=202311
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
ubuntu/edk2<2023.05-2ubuntu0.1
ubuntu/edk2<0~20191122.
debian/edk2<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6
CVE-2023-45234
Buffer Overflow in EDK II Network Package
ubuntu/edk2<0~20191122.
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
ubuntu/edk2<2023.05-2ubuntu0.1
Tianocore EDK2<=202311
debian/edk2<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6
<=202311
CVE-2023-45233
Infinite loop in EDK II Network Package
ubuntu/edk2<0~20191122.
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
ubuntu/edk2<2023.05-2ubuntu0.1
Tianocore EDK2<=202311
debian/edk2<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6
<=202311
CVE-2022-36763
Heap Buffer Overflow in Tcg2MeasureGptTable
Tianocore EDK2<=202311
ubuntu/edk2<0~20191122.
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
ubuntu/edk2<2023.05-2ubuntu0.1
debian/edk2<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6
CVE-2022-36764
Heap Buffer Overflow in Tcg2MeasurePeImage
Tianocore EDK2<=202311
ubuntu/edk2<0~20191122.
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
ubuntu/edk2<2023.05-2ubuntu0.1
debian/edk2<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6
CVE-2022-36765
Integer Overflow in CreateHob
Tianocore EDK2<=202311
ubuntu/edk2<0~20191122.
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
ubuntu/edk2<2023.05-2ubuntu0.1
debian/edk2<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6
CVE-2021-38576
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the sy...
Tianocore EDK2=201808
Tianocore EDK2=201811
Tianocore EDK2=201903
Tianocore EDK2=201905
Tianocore EDK2=201908
Tianocore EDK2=201911
and 6 more
CVE-2021-28213
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
Tianocore EDK2=201905
CVE-2021-28211
Tianocore EDK2=202008
CVE-2021-28210
An unlimited recursion in DxeCore in EDK II.
Tianocore EDK2<202008
CVE-2021-38578
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
redhat/edk2<0:20221207gitfff6d81270b5-9.el9_2
Tianocore EDK2<=202202
Insyde Kernel=5.0
Insyde Kernel=5.1
Insyde Kernel=5.2
Insyde Kernel=5.3
and 2 more
CVE-2021-38575
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
Tianocore EDK2<=202105
Insyde Kernel=5.0
Insyde Kernel=5.1
Insyde Kernel=5.2
Insyde Kernel=5.3
Insyde Kernel=5.4
and 1 more
CVE-2019-14553
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
Tianocore EDK2
CVE-2019-14562
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
Tianocore EDK2
Debian Debian Linux=9.0
CVE-2019-14584
AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode pkcs#7 data. when this successfully returns, a type check is done by calling PKCS7_type_is_signed() and the...
Tianocore EDK2<2020-10-21
CVE-2014-8271
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.
Tianocore EDK2<svn_16280
CVE-2014-4859
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restric...
Tianocore EDK2
CVE-2014-4860
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended acces...
Tianocore EDK2
CVE-2019-14563
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Tianocore EDK2
Debian Debian Linux=9.0
ubuntu/edk2<0~20180205.
ubuntu/edk2<0~20190606.20
ubuntu/edk2<0~20160408.
debian/edk2
CVE-2019-14587
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Tianocore EDK2
Debian Debian Linux=9.0
ubuntu/edk2<0~20180205.
ubuntu/edk2<0~20190606.20
ubuntu/edk2<0~20200229.4
ubuntu/edk2<0~20160408.
and 1 more
CVE-2019-14559
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
Tianocore EDK2
ubuntu/edk2<0~20180205.
ubuntu/edk2<0~20190606.20
ubuntu/edk2<0~20160408.
debian/edk2
CVE-2019-14586
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
Tianocore EDK2
Debian Debian Linux=9.0
ubuntu/edk2<0~20180205.
ubuntu/edk2<0~20190606.20
ubuntu/edk2<0~20200229.4
ubuntu/edk2<0~20160408.
and 1 more
CVE-2019-14575
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Tianocore EDK2
Debian Debian Linux=9.0
ubuntu/edk2<0~20180205.
ubuntu/edk2<0~20190606.20
ubuntu/edk2<0~20160408.
debian/edk2
CVE-2017-5731
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
redhat/ovmf<0:20180508-6.gitee3198e672e2.el7
Tianocore EDK2<2017-11-07

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203