CVE-2018-12182 — Confused Deputy in Firmware Interface Development KIT
Severity
6.7 MEDIUM (NVD)
EPSS
0.1%
top 73.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 27
Latest update: Jul 29
Description
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9
Affected Packages: 2 packages
Patches
Vulnerability Details (4)
GHSA: GHSA-rq43-vgrv-48m9: Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information d… (2022-05-14)
OSV: CVE-2018-12182: Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information d… (2019-03-27)
CVEList: CVE-2018-12182: Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information d… (2019-03-27)
Vendor Advisories (3)
Community (3)
Bugzilla: CVE-2018-12179 CVE-2018-12182 CVE-2018-12183 CVE-2019-0161 edk2: various flaws [fedora-all] (2019-03-29)
Bugzilla: CVE-2018-12182 edk2: insufficient memory write in SMM service leads to privilege escalation (2019-03-29)
Bugzilla: CVE-2018-12179 CVE-2018-12182 CVE-2018-12183 CVE-2019-0161 edk2: various flaws [epel-all] (2019-03-29)