1.0.0
30. EDK II Authenticated Variable Bypass

Description:

Logic error in MdeModulePkg in EDK II firmware may allow authenticated user to potentially bypass configuration access controls and escalate privileges via local access.

Impact

Elevation of Privilege

Severity

Medium 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Recommendation:

This address the following issue in Tianocore Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=415

Acknowledgments:

This issue was discovered by Intel.

References:

CVE-2018-3613
Last modified 1yr ago