Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-11098

Опубликовано: 14 июл. 2021
Источник: debian

Описание

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
edk2fixed2021.02-1experimentalpackage
edk2fixed2020.11-5package
edk2fixed2020.11-2+deb11u1bullseyepackage
edk2no-dsabusterpackage
edk2no-dsastretchpackage

Примечания

  • https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability

  • https://bugzilla.tianocore.org/show_bug.cgi?id=1614

  • https://bugzilla.tianocore.org/attachment.cgi?id=316

Связанные уязвимости

ubuntu логотип

CVE-2019-11098

CVSS3: 6.8
ubuntu
больше 4 лет назад

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

redhat логотип

CVE-2019-11098

CVSS3: 6.4
redhat
больше 6 лет назад

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

nvd логотип

CVE-2019-11098

CVSS3: 6.8
nvd
больше 4 лет назад

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

suse-cvrf логотип

SUSE-SU-2023:0036-1

suse-cvrf
около 3 лет назад

Security update for ovmf

suse-cvrf логотип

SUSE-SU-2023:0004-1

suse-cvrf
около 3 лет назад

Security update for ovmf