CVE-2019-11098
published 2021-07-14CVE-2019-11098: Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service…
medium6.8CVSS 3.1
AVPACLPRNUINSUCHIHAH
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | edk2 | < edk2 2020.11-5 (bookworm) | edk2 2020.11-5 (bookworm) |
| tianocore | edk2 | >= 0 < 2020.11-2+deb11u1 | 2020.11-2+deb11u1 |
| tianocore | edk2 | >= 0 < 2020.11-5 | 2020.11-5 |
| tianocore | edk2 | >= 0 < 2020.11-5 | 2020.11-5 |
| tianocore | edk2 | >= 0 < 2020.11-5 | 2020.11-5 |
| tianocore | edk2 | >= 0 < 0~20191122.bd85bf54-2ubuntu3.3 | 0~20191122.bd85bf54-2ubuntu3.3 |
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv6.8MEDIUM