CVE-2019-0160: Buffer Overflow
First published: Tue Feb 26 2019(Updated: )
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ovmf | <0:20180508-6.gitee3198e672e2.el7 | 0:20180508-6.gitee3198e672e2.el7 |
| redhat/edk2 | <0:20190308git89910a39dcfd-6.el8 | 0:20190308git89910a39dcfd-6.el8 |
| Tianocore EDK II | ||
| openSUSE Leap | =15.0 | |
| Fedoraproject Fedora | =30 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux Eus | =8.1 | |
| Redhat Enterprise Linux Eus | =8.2 | |
| Redhat Enterprise Linux Eus | =8.4 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =8.2 | |
| Redhat Enterprise Linux Server Aus | =8.4 | |
| Redhat Enterprise Linux Server Tus | =8.2 | |
| Redhat Enterprise Linux Server Tus | =8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1683404
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1683410
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1683413
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1683421
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1683425
- https://github.com/tianocore/edk2/commit/4df8f5bfa28b8b881e506437e8f08d92c1a00370
- https://github.com/tianocore/edk2/commit/b9ae1705adfdd43668027a25a2b03c2e81960219
- https://github.com/tianocore/edk2/commit/5c0748f43f4e1cc15fdd0be64a764eacd7df92f6
- https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5
- https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1691646
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1691645
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/storage_vols#sect-Storage_Volumes-Adding_storage_devices_to_guests
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1691640#c5
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1691647
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1691647#c3
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1568899
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1568899&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1568901
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1568901&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1691640#c8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1691640#c11
- https://access.redhat.com/errata/RHSA-2019:2125
- https://access.redhat.com/security/cve/cve-2019-0160
- https://access.redhat.com/errata/RHSA-2019:3338
- https://bugzilla.redhat.com/show_bug.cgi?id=1691640
- https://www.cve.org/CVERecord?id=CVE-2019-0160 https://nvd.nist.gov/vuln/detail/CVE-2019-0160
Frequently Asked Questions
What is CVE-2019-0160?
CVE-2019-0160 is a vulnerability that allows an unauthenticated user to potentially enable buffer overflow in system firmware for EDK II.
What is the severity of CVE-2019-0160?
The severity of CVE-2019-0160 is critical with a CVSS score of 9.8.
Which software packages are affected by CVE-2019-0160?
The software packages affected by CVE-2019-0160 include ovmf, edk2, Tianocore Edk Ii, openSUSE Leap, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, and Redhat Enterprise Linux Server Tus.
How can CVE-2019-0160 be exploited?
CVE-2019-0160 can be exploited by triggering buffer overflows in UDF-related codes with long file names or invalid formatted UDF media.
Where can I find more information about CVE-2019-0160?
More information about CVE-2019-0160 can be found in the references provided: https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1683404, https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1683410, https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1683413.
- collector/redhat-cve
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-0160
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/tianocore
- canonical/tianocore edk ii
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/8.1
- version/redhat enterprise linux eus/8.2
- version/redhat enterprise linux eus/8.4
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/8.2
- version/redhat enterprise linux server aus/8.4
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/8.2
- version/redhat enterprise linux server tus/8.4