CVE-2021-28216
published 2021-08-05CVE-2021-28216: BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | edk2 | < edk2 2021.11~rc1-1 (bookworm) | edk2 2021.11~rc1-1 (bookworm) |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| tianocore | edk2 | >= 0 < 2020.11-2+deb11u3 | 2020.11-2+deb11u3 |
| tianocore | edk2 | >= 0 < 2021.11~rc1-1 | 2021.11~rc1-1 |
| tianocore | edk2 | >= 0 < 2021.11~rc1-1 | 2021.11~rc1-1 |
| tianocore | edk2 | >= 0 < 2021.11~rc1-1 | 2021.11~rc1-1 |
| tianocore | edk_ii | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH