| Release | Version |
|---|---|
| buster | 0~20181115.85588389-3+deb10u3 |
| bullseye | 2020.11-2+deb11u1 |
| bookworm | 2022.11-2 |
| sid | 2022.11-2 |
| Bug | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|
| CVE-2021-38578 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ... |
| CVE-2021-38576 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | A BIOS bug in firmware for a particular PC model leaves the Platform a ... |
| CVE-2021-38575 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. ... |
| CVE-2021-28216 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ... |
| CVE-2021-28211 | vulnerable (no DSA) | fixed | fixed | fixed | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ... |
| CVE-2021-28210 | vulnerable (no DSA) | fixed | fixed | fixed | An unlimited recursion in DxeCore in EDK II. ... |
| CVE-2019-14560 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | GetEfiGlobalVariable2() return value not checked |
| CVE-2019-11098 | vulnerable (no DSA) | fixed | fixed | fixed | Insufficient input validation in MdeModulePkg in EDKII may allow an un ... |
| Bug | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|
| CVE-2021-28213 | vulnerable | fixed | fixed | fixed | Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ... |
| CVE-2019-14553 | vulnerable | fixed | fixed | fixed | Improper authentication in EDK II may allow a privileged user to poten ... |
| CVE-2018-12182 | vulnerable | fixed | fixed | fixed | Insufficient memory write check in SMM service for EDK II may allow an ... |
| CVE-2018-12179 | vulnerable | fixed | fixed | fixed | Improper configuration in system firmware for EDK II may allow unauthe ... |
| CVE-2014-4860 | vulnerable | fixed | fixed | fixed | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ... |
| CVE-2014-4859 | vulnerable | fixed | fixed | fixed | Integer overflow in the Drive Execution Environment (DXE) phase in the ... |
| Bug | Description |
|---|---|
| CVE-2019-14587 | Logic issue EDK II may allow an unauthenticated user to potentially en ... |
| CVE-2019-14586 | Use after free vulnerability in EDK II may allow an authenticated user ... |
| CVE-2019-14584 | Null pointer dereference in Tianocore EDK2 may allow an authenticated ... |
| CVE-2019-14575 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ... |
| CVE-2019-14563 | Integer truncation in EDK II may allow an authenticated user to potent ... |
| CVE-2019-14562 | Integer overflow in DxeImageVerificationHandler() EDK II may allow an ... |
| CVE-2019-14559 | Uncontrolled resource consumption in EDK II may allow an unauthenticat ... |
| CVE-2019-14558 | Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ... |
| CVE-2019-0161 | Stack overflow in XHCI for EDK II may allow an unauthenticated user to ... |
| CVE-2019-0160 | Buffer overflow in system firmware for EDK II may allow unauthenticate ... |
| CVE-2018-12183 | Stack overflow in DxeCore for EDK II may allow an unauthenticated user ... |
| CVE-2018-12181 | Stack overflow in corrupted bmp for EDK II may allow unprivileged user ... |
| CVE-2018-12180 | Buffer overflow in BlockIo service for EDK II may allow an unauthentic ... |
| CVE-2018-12178 | Buffer overflow in network stack for EDK II may allow unprivileged use ... |
| DSA / DLA | Description |
|---|---|
| DLA-2645-1 | edk2 - security update |