Information on source package edk2

Available versions

ReleaseVersion
buster0~20181115.85588389-3+deb10u3
bullseye2020.11-2+deb11u1
bookworm2022.08-1
sid2022.08-1

Open issues

BugbusterbullseyebookwormsidDescription
CVE-2021-38578vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableExisting CommBuffer checks in SmmEntryPoint will not catch underflow w ...
CVE-2021-38577vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableHeap Overflow in BaseBmpSupportLib. ...
CVE-2021-38576vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableA BIOS bug in firmware for a particular PC model leaves the Platform a ...
CVE-2021-38575vulnerable (no DSA)vulnerable (no DSA)fixedfixedNetworkPkg/IScsiDxe has remotely exploitable buffer overflows. ...
CVE-2021-28216vulnerable (no DSA)vulnerable (no DSA)fixedfixedBootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...
CVE-2021-28211vulnerable (no DSA)fixedfixedfixedA heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ...
CVE-2021-28210vulnerable (no DSA)fixedfixedfixedAn unlimited recursion in DxeCore in EDK II. ...
CVE-2019-14560vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableGetEfiGlobalVariable2() return value not checked
CVE-2019-11098vulnerable (no DSA)fixedfixedfixedInsufficient input validation in MdeModulePkg in EDKII may allow an un ...

Open unimportant issues

BugbusterbullseyebookwormsidDescription
CVE-2021-28213vulnerablefixedfixedfixedExample EDK2 encrypted private key in the IpSecDxe.efi present potenti ...
CVE-2019-14553vulnerablefixedfixedfixedImproper authentication in EDK II may allow a privileged user to poten ...
CVE-2018-12182vulnerablefixedfixedfixedInsufficient memory write check in SMM service for EDK II may allow an ...
CVE-2018-12179vulnerablefixedfixedfixedImproper configuration in system firmware for EDK II may allow unauthe ...
CVE-2014-4860vulnerablefixedfixedfixedMultiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ...
CVE-2014-4859vulnerablefixedfixedfixedInteger overflow in the Drive Execution Environment (DXE) phase in the ...

Resolved issues

BugDescription
CVE-2019-14587Logic issue EDK II may allow an unauthenticated user to potentially en ...
CVE-2019-14586Use after free vulnerability in EDK II may allow an authenticated user ...
CVE-2019-14584Null pointer dereference in Tianocore EDK2 may allow an authenticated ...
CVE-2019-14575Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ...
CVE-2019-14563Integer truncation in EDK II may allow an authenticated user to potent ...
CVE-2019-14562Integer overflow in DxeImageVerificationHandler() EDK II may allow an ...
CVE-2019-14559Uncontrolled resource consumption in EDK II may allow an unauthenticat ...
CVE-2019-14558Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ...
CVE-2019-0161Stack overflow in XHCI for EDK II may allow an unauthenticated user to ...
CVE-2019-0160Buffer overflow in system firmware for EDK II may allow unauthenticate ...
CVE-2018-12183Stack overflow in DxeCore for EDK II may allow an unauthenticated user ...
CVE-2018-12181Stack overflow in corrupted bmp for EDK II may allow unprivileged user ...
CVE-2018-12180Buffer overflow in BlockIo service for EDK II may allow an unauthentic ...
CVE-2018-12178Buffer overflow in network stack for EDK II may allow unprivileged use ...

Security announcements

DSA / DLADescription
DLA-2645-1edk2 - security update

Search for package or bug name: Reporting problems