| Release | Version |
|---|---|
| stretch | 0~20161202.7bbe0b3e-1+deb9u1 |
| buster | 0~20181115.85588389-3+deb10u1 |
| bullseye | 2020.05-3 |
| sid | 2020.05-3 |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-14587 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | |
| CVE-2019-14586 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | |
| CVE-2019-14575 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | DxeImageVerificationHandler() fails open in case of dbx signature check |
| CVE-2019-14563 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib |
| CVE-2019-14560 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | GetEfiGlobalVariable2() return value not checked |
| CVE-2019-14559 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | memory leak in ArpOnFrameRcvdDpc |
| CVE-2019-14558 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | |
| CVE-2019-0161 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Stack overflow in XHCI for EDK II may allow an unauthenticated user to ... |
| CVE-2019-0160 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Buffer overflow in system firmware for EDK II may allow unauthenticate ... |
| CVE-2018-12183 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Stack overflow in DxeCore for EDK II may allow an unauthenticated user ... |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-14553 | vulnerable | vulnerable | fixed | fixed | invalid server certificate accepted in HTTPS-over-IPv6 boot |
| CVE-2018-12182 | vulnerable | vulnerable | fixed | fixed | Insufficient memory write check in SMM service for EDK II may allow an ... |
| CVE-2018-12179 | vulnerable | vulnerable | fixed | fixed | Improper configuration in system firmware for EDK II may allow unauthe ... |
| CVE-2014-4860 | vulnerable | vulnerable | fixed | fixed | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ... |
| CVE-2014-4859 | vulnerable | vulnerable | fixed | fixed | Integer overflow in the Drive Execution Environment (DXE) phase in the ... |
| Bug | Description |
|---|---|
| CVE-2018-12181 | Stack overflow in corrupted bmp for EDK II may allow unprivileged user ... |
| CVE-2018-12180 | Buffer overflow in BlockIo service for EDK II may allow an unauthentic ... |
| CVE-2018-12178 | Buffer overflow in network stack for EDK II may allow unprivileged use ... |