{"id":"CVE-2018-3613","details":"Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.","modified":"2026-04-10T04:10:31.876606Z","published":"2019-03-27T20:29:03.770Z","related":["SUSE-SU-2018:4155-1","SUSE-SU-2018:4194-1","SUSE-SU-2018:4207-1","openSUSE-SU-2024:11134-1"],"references":[{"type":"WEB","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2125"},{"type":"FIX","url":"https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tianocore/edk2","events":[{"introduced":"0"},{"last_affected":"324a4c9d7d512f3bf78fe782803d3a8a09c69f73"},{"introduced":"0"},{"last_affected":"3e72ffe8afdd03f1f89eba65c921cbdcb004cfee"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"udk2017"},{"introduced":"0"},{"last_affected":"udk2018"}]}}],"versions":["vUDK2017","vUDK2018"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3613.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"udk2015"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}