36. Buffer Overflow in BlockIo service for RAM disk

Description:
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
Impact:
Escalation of Privilege, Information Disclosure and/or Denial of service
Severity:
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Recommendation:
EDK II Commits:
​https://github.com/tianocore/edk2/commit/fccdb88022c1f6d85c773fce506b10c879063f1d​
​https://github.com/tianocore/edk2/commit/38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f​
Patch:
​https://bugzilla.tianocore.org/attachment.cgi?id=233​
Acknowledgments:
Intel Team
References:
CVE-2018-12180
EDK II Bugzilla #1134​

35. Stack Overflow on Corrupted BMP

37. XHCI stack local stack overflow

Last modified 2yr ago