ALAS2-2019-1290 --- edk2ID: oval:org.secpod.oval:def:1700513 | Date: (C)2020-11-27 (M)2023-11-13 |
Class: PATCH | Family: unix |
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. Buffer overflows were discovered in UDF-related codes under MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe, which could be triggered with long file names or invalid formatted UDF media. Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access