CVE-2018-12180Out-of-bounds Write in Firmware Interface Development KIT

CWE-787Out-of-bounds WriteCWE-125Out-of-bounds Read11 documents8 sources
Severity
8.8HIGHNVD
EPSS
1.3%
top 20.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Tianocore Edk2Extensible Firmware Interface Development KITOpensuse Leap
Timeline
PublishedMar 27
Latest updateMay 13

Description

Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Debiantianocore/edk2< 0~20181115.85588389-3+3
NVDopensuse/leap15.0

Patches

Patch: edk2-docs.gitbooks.ioPatch: edk2-docs.gitbooks.io

🔴Vulnerability Details

4
GHSA
GHSA-9ghw-h32x-5rfx: Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure2022-05-13
OSV
edk2 vulnerabilities2020-04-30
OSV
CVE-2018-12180: Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure2019-03-27
CVEList
CVE-2018-12180: Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure2019-03-27

📋Vendor Advisories

3
Ubuntu
EDK II vulnerabilities2020-04-30
Red Hat
edk2: Buffer Overflow in BlockIo service for RAM disk2019-02-26
Debian
CVE-2018-12180: edk2 - Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user ...2018

💬Community

3
Bugzilla
CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk2019-02-26
Bugzilla
CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk [epel-all]2019-02-26
Bugzilla
CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk [fedora-all]2019-02-26
CVE-2018-12180 — Out-of-bounds Write | cvebase