Vulnerability in Tianocore Edk Ii

CVE-2021-38575

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

EPSS: 0.005 (67.7th percentile) — read the EPSS interpretation.

Affected products

Tianocore Edk Ii — versions unspecified

Weakness classification (CWE)

CWE-124 — Buffer Underwrite

Public proof-of-concept exploits

w4zu/Debian_

References

Frequently asked questions

What is CVE-2021-38575?: CVE-2021-38575 is a vulnerability in Tianocore Edk Ii, classified under Buffer Underwrite. Published 2021-12-01.
Is CVE-2021-38575 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.