USN-5088-1: EDK II vulnerabilities
First published: Thu Sep 23 2021(Updated: )
It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. (CVE-2019-11098) Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled certain input lengths in EVP functions. An attacker could possibly use this issue to cause EDK II to crash, resulting in a denial of service. (CVE-2021-23840) Ingo Schwarze discovered that OpenSSL used in EDK II incorrectly handled certain ASN.1 strings. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712) It was discovered that EDK II incorrectly decoded certain strings. A remote attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-38575)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/qemu-efi-arm | <2020.11-4ubuntu0.1 | 2020.11-4ubuntu0.1 |
| Ubuntu Ubuntu | =21.04 | |
| All of | ||
| ubuntu/qemu-efi | <2020.11-4ubuntu0.1 | 2020.11-4ubuntu0.1 |
| Ubuntu Ubuntu | =21.04 | |
| All of | ||
| ubuntu/ovmf-ia32 | <2020.11-4ubuntu0.1 | 2020.11-4ubuntu0.1 |
| Ubuntu Ubuntu | =21.04 | |
| All of | ||
| ubuntu/qemu-efi-aarch64 | <2020.11-4ubuntu0.1 | 2020.11-4ubuntu0.1 |
| Ubuntu Ubuntu | =21.04 | |
| All of | ||
| ubuntu/ovmf | <2020.11-4ubuntu0.1 | 2020.11-4ubuntu0.1 |
| Ubuntu Ubuntu | =21.04 | |
| All of | ||
| ubuntu/qemu-efi-arm | <0~20191122.bd85bf54-2ubuntu3.3 | 0~20191122.bd85bf54-2ubuntu3.3 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/qemu-efi | <0~20191122.bd85bf54-2ubuntu3.3 | 0~20191122.bd85bf54-2ubuntu3.3 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/qemu-efi-aarch64 | <0~20191122.bd85bf54-2ubuntu3.3 | 0~20191122.bd85bf54-2ubuntu3.3 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/ovmf | <0~20191122.bd85bf54-2ubuntu3.3 | 0~20191122.bd85bf54-2ubuntu3.3 |
| Ubuntu Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-11098
- https://ubuntu.com/security/CVE-2021-3712
- https://ubuntu.com/security/CVE-2021-23840
- https://ubuntu.com/security/CVE-2021-38575
- https://ubuntu.com/security/notices/USN-5051-1
- https://ubuntu.com/security/notices/USN-5051-2
- https://ubuntu.com/security/notices/USN-5051-3
- https://ubuntu.com/security/notices/USN-4738-1
- https://ubuntu.com/security/notices/USN-7018-1
- https://ubuntu.com/security/notices/USN-7060-1
- https://launchpad.net/ubuntu/+source/edk2/2020.11-4ubuntu0.1
- https://launchpad.net/ubuntu/+source/edk2/0~20191122.bd85bf54-2ubuntu3.3
- https://ubuntu.com/security/notices/USN-5088-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/description
- collector/usn
- source/Ubuntu
- anchor-related/USN-5051-1
- anchor-related/USN-5051-2
- anchor-related/USN-5051-3
- anchor-related/USN-4738-1
- anchor-related/USN-7018-1
- anchor-related/USN-7060-1
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/21.04
- version/ubuntu ubuntu/20.04