{"id":"MGASA-2021-0035","summary":"Updated edk2 packages fix multiples security vulnerabilities","details":"Improper configuration in system firmware for EDK II may allow unauthenticated\nuser to potentially enable escalation of privilege, information disclosure\nand/or denial of service via local access. (CVE-2018-12179).\n\nInsufficient memory write check in SMM service for EDK II may allow an\nauthenticated user to potentially enable escalation of privilege, information\ndisclosure and/or denial of service via local access. (CVE-2018-12182).\n\nStack overflow in DxeCore for EDK II may allow an unauthenticated user to\npotentially enable escalation of privilege, information disclosure and/or\ndenial of service via local access. (CVE-2018-12183).\n\nBuffer overflow in system firmware for EDK II may allow unauthenticated user\nto potentially enable escalation of privilege and/or denial of service via\nnetwork access. (CVE-2019-0160).\n\nStack overflow in XHCI for EDK II may allow an unauthenticated user to\npotentially enable denial of service via local access. (CVE-2019-0161).\n\nImproper authentication in EDK II may allow a privileged user to potentially\nenable information disclosure via network access. (CVE-2019-14553).\n\nInsufficient control flow management in BIOS firmware for 8th, 9th, 10th\nGeneration Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series\nProcessors may allow an authenticated user to potentially enable denial of\nservice via adjacent access. (CVE-2019-14558).\n\nUncontrolled resource consumption in EDK II may allow an unauthenticated user\nto potentially enable denial of service via network access. (CVE-2019-14559).\n\nInteger truncation in EDK II may allow an authenticated user to potentially\nenable escalation of privilege via local access. (CVE-2019-14563).\n\nLogic issue in DxeImageVerificationHandler() for EDK II may allow an\nauthenticated user to potentially enable escalation of privilege via local\naccess. (CVE-2019-14575).\n\nEDK II incorrectly parsed signed PKCS #7 data. An attacker could use this\nissue to cause EDK II to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2019-14584).\n\nUse after free vulnerability in EDK II may allow an authenticated user to\npotentially enable escalation of privilege, information disclosure and/or\ndenial of service via adjacent access. (CVE-2019-14586).\n\nLogic issue EDK II may allow an unauthenticated user to potentially enable\ndenial of service via adjacent access. (CVE-2019-14587).\n\nInteger overflow in DxeImageVerificationHandler() EDK II may allow an\nauthenticated user to potentially enable denial of service via local access.\n(CVE-2019-14562).\n","modified":"2026-04-16T04:42:41.889312057Z","published":"2021-01-17T16:07:01Z","upstream":["CVE-2018-12179","CVE-2018-12182","CVE-2018-12183","CVE-2019-0160","CVE-2019-0161","CVE-2019-14553","CVE-2019-14558","CVE-2019-14559","CVE-2019-14562","CVE-2019-14563","CVE-2019-14575","CVE-2019-14584","CVE-2019-14586","CVE-2019-14587"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0035.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25939"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2020:1712"},{"type":"WEB","url":"https://usn.ubuntu.com/4349-1/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A23OH3MXQU7WURSP4PC66EXMG6INYFH6/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4684-1"},{"type":"WEB","url":"https://github.com/tianocore/edk2/releases"}],"affected":[{"package":{"name":"edk2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/edk2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20201127stable-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0035.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}