Tianocore Edk Ii
6 CVEs affecting Tianocore Edk Ii. Latest disclosed: 2022-03-03. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-38578 | High | 7.4 | 2022-03-03 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. |
CVE-2021-38575 | | 2021-12-01 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | |
CVE-2021-28216 | | 2021-08-05 | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. | |
CVE-2021-28213 | | 2021-06-11 | Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | |
CVE-2021-28211 | | 2021-06-11 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | |
CVE-2021-28210 | | 2021-06-11 | An unlimited recursion in DxeCore in EDK II. |