CVE-2019-11098Improper Input Validation in Edk2

CWE-20Improper Input Validation8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 83.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tianocore Edk2
Timeline
PublishedJul 14
Latest updateMay 24

Description

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

Debiantianocore/edk2< 2020.11-2+deb11u1+3
Ubuntutianocore/edk2< 0~20191122.bd85bf54-2ubuntu3.3

🔴Vulnerability Details

4
GHSA
GHSA-6g82-r87x-h953: Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of serv2022-05-24
OSV
edk2 vulnerabilities2021-09-23
CVEList
CVE-2019-11098: Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of serv2021-07-14
OSV
CVE-2019-11098: Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of serv2021-07-14

📋Vendor Advisories

3
Ubuntu
EDK II vulnerabilities2021-09-23
Red Hat
edk2: Insufficient input validation in MdeModulePkg may lead to privilege escalation2019-05-08
Debian
CVE-2019-11098: edk2 - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthentica...2019
CVE-2019-11098 — Improper Input Validation in Edk2 | cvebase