CVE-2018-12182
published 2019-03-27CVE-2018-12182: Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure…
medium6.7CVSS 3.0
AVLACLPRHUINSUCHIHAH
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | edk2 | — | — |
| extensible_firmware_interface_development_kit | extensible_firmware_interface_development_kit | — | — |
| tianocore | edk2 | >= 0 < 0~20160408.ffea0a2c-2ubuntu0.2+esm1 | 0~20160408.ffea0a2c-2ubuntu0.2+esm1 |
| tianocore | edk2 | >= 0 < 0~20180205.c0d9813c-2ubuntu0.3+esm1 | 0~20180205.c0d9813c-2ubuntu0.3+esm1 |
CVSS provenance
nvdv3.06.7MEDIUMCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH