CVE-2019-0161Out-of-bounds Write in Firmware Interface Development KIT

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer OverflowCWE-400Uncontrolled Resource Consumption11 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 86.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tianocore Edk2Extensible Firmware Interface Development KIT
Timeline
PublishedMar 27
Latest updateOct 10

Description

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debiantianocore/edk2< 0~20180803.dd4cae4d-1+3
Ubuntutianocore/edk2< 0~20191122.bd85bf54-2ubuntu3.6+3

Patches

Patch: edk2-docs.gitbooks.ioPatch: edk2-docs.gitbooks.io

🔴Vulnerability Details

4
OSV
edk2 vulnerabilities2024-10-10
GHSA
GHSA-jf2h-frpc-5873: Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access2022-05-13
CVEList
CVE-2019-0161: Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access2019-03-27
OSV
CVE-2019-0161: Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access2019-03-27

📋Vendor Advisories

3
Ubuntu
EDK II vulnerabilities2024-10-10
Debian
CVE-2019-0161: edk2 - Stack overflow in XHCI for EDK II may allow an unauthenticated user to potential...2019
Red Hat
edk2: stack overflow in XHCI causing denial of service2018-06-05

💬Community

3
Bugzilla
CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service2019-03-29
Bugzilla
CVE-2018-12179 CVE-2018-12182 CVE-2018-12183 CVE-2019-0161 edk2: various flaws [fedora-all]2019-03-29
Bugzilla
CVE-2018-12179 CVE-2018-12182 CVE-2018-12183 CVE-2019-0161 edk2: various flaws [epel-all]2019-03-29
CVE-2019-0161 — Out-of-bounds Write | cvebase