Debian Edk2 vulnerabilities

CVE-2022-36765 [HIGH] CVE-2022-36765: edk2 - EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a u... EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye: resolved (fixed in 20

CVE-2022-36764 [HIGH] CVE-2022-36764: edk2 - EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, all... EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye: resolved (fixed in 2020.11-

CVE-2022-36763 [HIGH] CVE-2022-36763: edk2 - EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, al... EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye: resolved (fixed in 2020.11

CVE-2021-38578 [HIGH] CVE-2021-38578: edk2 - Existing CommBuffer checks in SmmEntryPoint will not catch underflow when comput... Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. Scope: local bookworm: resolved (fixed in 2022.11-1) bullseye: resolved (fixed in 2020.11-2+deb11u3) forky: resolved (fixed in 2022.11-1) sid: resolved (fixed in 2022.11-1) trixie: resolved (fixed in 2022.11-1)

CVE-2021-28216 [HIGH] CVE-2021-28216: edk2 - BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend se... BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. Scope: local bookworm: resolved (fixed in 2021.11~rc1-1) bullseye: resolved (fixed in 2020.11-2+deb11u3) forky: resolved (fixed in 2021.11~rc1-1) sid: resolved (fixed in 2021.11~rc1-1) trixie: resolved (fixed in 2021.11~rc1-1)

CVE-2021-38576 [HIGH] CVE-2021-38576: edk2 - A BIOS bug in firmware for a particular PC model leaves the Platform authorizati... A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. Scope: local bookworm: resolved (fixed in 2021.11-1) bullseye: resolved (fixed in 2020.11-2+deb11u3) forky: resolved (fixed in 2021.11-1) sid: resolved (fixed in 202

CVE-2021-28210 [HIGH] CVE-2021-28210: edk2 - An unlimited recursion in DxeCore in EDK II. An unlimited recursion in DxeCore in EDK II. Scope: local bookworm: resolved (fixed in 2020.11-1) bullseye: resolved (fixed in 2020.11-1) forky: resolved (fixed in 2020.11-1) sid: resolved (fixed in 2020.11-1) trixie: resolved (fixed in 2020.11-1)

CVE-2021-38575 [HIGH] CVE-2021-38575: edk2 - NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Scope: local bookworm: resolved (fixed in 2021.08-1) bullseye: resolved (fixed in 2020.11-2+deb11u3) forky: resolved (fixed in 2021.08-1) sid: resolved (fixed in 2021.08-1) trixie: resolved (fixed in 2021.08-1)

CVE-2021-28211 [MEDIUM] CVE-2021-28211: edk2 - A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Scope: local bookworm: resolved (fixed in 2020.11-1) bullseye: resolved (fixed in 2020.11-1) forky: resolved (fixed in 2020.11-1) sid: resolved (fixed in 2020.11-1) trixie: resolved (fixed in 2020.11-1)

CVE-2021-28213 [HIGH] CVE-2021-28213: edk2 - Example EDK2 encrypted private key in the IpSecDxe.efi present potential securit... Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. Scope: local bookworm: resolved (fixed in 0~20190606.20d2e5a1-2) bullseye: resolved (fixed in 0~20190606.20d2e5a1-2) forky: resolved (fixed in 0~20190606.20d2e5a1-2) sid: resolved (fixed in 0~20190606.20d2e5a1-2) trixie: resolved (fixed in 0~20190606.20d2e5a1-2)

CVE-2019-14584 [HIGH] CVE-2019-14584: edk2 - Null pointer dereference in Tianocore EDK2 may allow an authenticated user to po... Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 2020.11-1) bullseye: resolved (fixed in 2020.11-1) forky: resolved (fixed in 2020.11-1) sid: resolved (fixed in 2020.11-1) trixie: resolved (fixed in 2020.11-1)

CVE-2019-14586 [HIGH] CVE-2019-14586: edk2 - Use after free vulnerability in EDK II may allow an authenticated user to potent... Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. Scope: local bookworm: resolved (fixed in 0~20200229.4c0f6e34-1) bullseye: resolved (fixed in 0~20200229.4c0f6e34-1) forky: resolved (fixed in 0~20200229.4c0f6e34-1) sid: resolved (fix

CVE-2019-14558 [MEDIUM] CVE-2019-14558: edk2 - Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generat... Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access. Scope: local bookworm: resolved (fixed in 0~20200229.4c0f6e34-1) bullseye: resolved (fixed in 0~20200229.4c0f6e34

CVE-2019-11098 [MEDIUM] CVE-2019-11098: edk2 - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthentica... Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. Scope: local bookworm: resolved (fixed in 2020.11-5) bullseye: resolved (fixed in 2020.11-2+deb11u1) forky: resolved (fixed in 2020.11-5) sid: resolved (fixed in 20

CVE-2019-14587 [MEDIUM] CVE-2019-14587: edk2 - Logic issue EDK II may allow an unauthenticated user to potentially enable denia... Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. Scope: local bookworm: resolved (fixed in 0~20200229.4c0f6e34-1) bullseye: resolved (fixed in 0~20200229.4c0f6e34-1) forky: resolved (fixed in 0~20200229.4c0f6e34-1) sid: resolved (fixed in 0~20200229.4c0f6e34-1) trixie: resolved (fixed in 0~20200229.4c0f

CVE-2019-14562 [MEDIUM] CVE-2019-14562: edk2 - Integer overflow in DxeImageVerificationHandler() EDK II may allow an authentica... Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. Scope: local bookworm: resolved (fixed in 2020.05-4) bullseye: resolved (fixed in 2020.05-4) forky: resolved (fixed in 2020.05-4) sid: resolved (fixed in 2020.05-4) trixie: resolved (fixed in 2020.05-4)

CVE-2019-14563 [HIGH] CVE-2019-14563: edk2 - Integer truncation in EDK II may allow an authenticated user to potentially enab... Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 0~20200229.4c0f6e34-1) bullseye: resolved (fixed in 0~20200229.4c0f6e34-1) forky: resolved (fixed in 0~20200229.4c0f6e34-1) sid: resolved (fixed in 0~20200229.4c0f6e34-1) trixie: resolved (fixed in 0~2020

CVE-2019-14559 [HIGH] CVE-2019-14559: edk2 - Uncontrolled resource consumption in EDK II may allow an unauthenticated user to... Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. Scope: local bookworm: resolved (fixed in 0~20200229.4c0f6e34-1) bullseye: resolved (fixed in 0~20200229.4c0f6e34-1) forky: resolved (fixed in 0~20200229.4c0f6e34-1) sid: resolved (fixed in 0~20200229.4c0f6e34-1) trixie: resolved (fi

CVE-2019-14553 [MEDIUM] CVE-2019-14553: edk2 - Improper authentication in EDK II may allow a privileged user to potentially ena... Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. Scope: local bookworm: resolved (fixed in 0~20190828.37eef910-4) bullseye: resolved (fixed in 0~20190828.37eef910-4) forky: resolved (fixed in 0~20190828.37eef910-4) sid: resolved (fixed in 0~20190828.37eef910-4) trixie: resolved (fixed in 0~

CVE-2019-0161 [MEDIUM] CVE-2019-0161: edk2 - Stack overflow in XHCI for EDK II may allow an unauthenticated user to potential... Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. Scope: local bookworm: resolved (fixed in 0~20180803.dd4cae4d-1) bullseye: resolved (fixed in 0~20180803.dd4cae4d-1) forky: resolved (fixed in 0~20180803.dd4cae4d-1) sid: resolved (fixed in 0~20180803.dd4cae4d-1) trixie: resolved (fixed in 0~201