Описание
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
An improper input validation flaw in the MdeModulePkg module of edk2 may allow an unauthenticated attacker with physical access to the system handled by edk2 to escalate his privileges and cause a denial of service or disclose information.
Отчет
Within Red Hat Enterprise Linux, edk2 is used only on virtualized systems, thus in this context the attacker needs to be a local user of the host system who have already the ability to compromise the guests systems. For this reason, this flaw has a Low Impact on both Red Hat Enterprise Linux 7 and 8.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | ovmf | Out of support scope | ||
| Red Hat Enterprise Linux 8 | edk2 | Affected | ||
| Red Hat Enterprise Linux 9 | edk2 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.4 Medium
CVSS3
Связанные уязвимости
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
Insufficient input validation in MdeModulePkg in EDKII may allow an un ...
EPSS
6.4 Medium
CVSS3