CVE-2019-14561

Published: 01 Mar 2023
Source: redhat
CVSS3: 0

Description

[REJECTED CVE] A vulnerability has been identified in EDK2 where the function PeCoffLoaderLoadImage() in library MdePkg/BasePeCoffLib does not properly compute the End address of PE sections, allowing the End address to be before the Base one. A malicious PE could be used to corrupt the memory during the boot process, by using a VirtualSize equal to 0.

Report

Red Hat has evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. As such, this CVE has been marked as "Rejected" in alignment with Red Hat's vulnerability management policies. If you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 7 | ovmf | Not affected | | |
| Red Hat Enterprise Linux 8 | edk2 | Not affected | | |

Additional information

Defect:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1758595 edk2: improper input validation leads to memory corruption when loading PE sections

CVSS3: 0 Low

Related vulnerabilities

nvd
almost 3 years ago

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.

CVSS3: 0 Low