Tianocore Edk2 vulnerabilities

52 known vulnerabilities affecting tianocore/edk2.

Total CVEs: 52
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 26, MEDIUM 21, LOW 2

Vulnerabilities

Page 2 of 3
CVE-2023-45231 | MEDIUM | CVSS 6.5 | ≤ 202311 | vedk2-stable202308 | 2024-01-16
CVE-2023-45231 [MEDIUM] CWE-125: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
cvelistv5, nvd, osv
CVE-2023-45229 | MEDIUM | CVSS 6.5 | ≤ 202311 | vedk2-stable202308 | 2024-01-16
CVE-2023-45229 [MEDIUM] CWE-125: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
cvelistv5, nvd, osv
CVE-2022-36763 | HIGH | CVSS 7.8 | ≤ 202311 | ≥ *, ≤ 202311 | 2024-01-09
CVE-2022-36763 [HIGH] CWE-122: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
cvelistv5, nvd, osv
CVE-2022-36764 | HIGH | CVSS 7.8 | ≤ 202311 | ≥ *, ≤ 202311 | 2024-01-09
CVE-2022-36764 [HIGH] CWE-122: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
cvelistv5, nvd, osv
CVE-2022-36765 | HIGH | CVSS 7.8 | ≤ 202311 | ≥ *, ≤ 202311 | 2024-01-09
CVE-2022-36765 [HIGH] CWE-680: EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
cvelistv5, nvd, osv
CVE-2021-38578 | CRITICAL | CVSS 9.8 | ≤ 202202 | 2022-03-03
CVE-2021-38578 [CRITICAL] CWE-124: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
nvd, osv
CVE-2021-38576 | HIGH | CVSS 7.5 | v201808 | v201811 | +10 more | 2022-01-03
CVE-2021-38576 [HIGH]: A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
nvd, osv
CVE-2021-38575 | HIGH | CVSS 8.1 | ≤ 202105 | 2021-12-01
CVE-2021-38575 [HIGH] CWE-124: NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
nvd, osv
CVE-2019-11098 | MEDIUM | CVSS 6.8 | ≥ 0, < 0~20191122.bd85bf54-2ubuntu3.3 | 2021-09-23
CVE-2019-11098 [MEDIUM] edk2 vulnerabilities: It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. (CVE-2019-11098) Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled certain input lengths in EVP functions. An attacker could possibly use this issue to cause EDK II to
osv
CVE-2021-28216 | HIGH | CVSS 7.8 | ≥ 0, < 2020.11-2+deb11u3 | ≥ 0, < 2021.11~rc1-1 | 2021-08-05
CVE-2021-28216 [HIGH]: BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
osv
CVE-2021-28213 | HIGH | CVSS 7.5 | v201905 | 2021-06-11
CVE-2021-28213 [HIGH]: Example EDK2 encrypted private key in the IpSecDxe.efi presents potential security risks.
nvd, osv
CVE-2021-28211 | MEDIUM | CVSS 6.7 | v202008 | 2021-06-11
CVE-2021-28211 [MEDIUM] CWE-122: A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
nvd, osv
CVE-2019-14584 | HIGH | CVSS 7.8 | fixed in 2020-10-21 | 2021-06-03
CVE-2019-14584 [HIGH] CWE-476: Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
nvd, osv
CVE-2021-28210 | HIGH | CVSS 7.8 | ≥ 0, < 0~20191122.bd85bf54-2ubuntu3.2 | 2021-04-20
CVE-2021-28210 [HIGH] edk2 vulnerabilities: Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. (CVE-2021-28210) Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-
osv
CVE-2019-14586 | HIGH | CVSS 8.0 | ≥ 0, < 0~20200229.4c0f6e34-1 | 2020-11-23
CVE-2019-14586 [HIGH]: Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
osv
CVE-2019-14575 | HIGH | CVSS 7.8 | ≥ 0, < 0~20200229.4c0f6e34-1 | 2020-11-23
CVE-2019-14575 [HIGH]: Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
osv
CVE-2019-14563 | HIGH | CVSS 7.8 | ≥ 0, < 0~20200229.4c0f6e34-1 | 2020-11-23
CVE-2019-14563 [HIGH]: Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
osv
CVE-2019-14559 | HIGH | CVSS 7.5 | ≥ 0, < 0~20200229.4c0f6e34-1 | 2020-11-23
CVE-2019-14559 [HIGH]: Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
osv
CVE-2019-14553 | MEDIUM | CVSS 4.9 | ≥ 0, < 0~20190828.37eef910-4 | 2020-11-23
CVE-2019-14553 [MEDIUM]: Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
osv
CVE-2019-14562 | MEDIUM | CVSS 5.5 | ≥ 0, < 2020.05-4 | 2020-11-23
CVE-2019-14562 [MEDIUM]: Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
osv