CVE-2021-28210: Uncontrolled Recursion in Edk2

Severity: 7.8 HIGH (OSV), no vector
EPSS: 0.1% (top 69.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 8
Latest update: Oct 10

Description

An unlimited recursion in DxeCore in EDK II.

FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?

One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began

Affected Packages (1 package)

Ubuntu: tianocore/edk2 < 0~20191122.bd85bf54-2ubuntu3.2

🔴 Vulnerability Details (2)

OSV: edk2 vulnerabilities (2024-10-10)
OSV: edk2 vulnerabilities (2021-04-20)

📋 Vendor Advisories (5)

Ubuntu: EDK II vulnerabilities (2024-10-10)
Microsoft: An unlimited recursion in DxeCore in EDK II. (2021-06-08)
Ubuntu: EDK II vulnerabilities (2021-04-20)
Debian: CVE-2021-28210: edk2 - An unlimited recursion in DxeCore in EDK II. (2021)
Red Hat: edk2: unlimited FV recursion, round 2 (2020-11-19)

💬 Community (1)

Bugzilla: CVE-2021-28210 edk2: unlimited FV recursion, round 2 (2020-09-29)