1.0.0
31. EDK II TianoCompress Bounds Checking Issues

Description:

Multiple privilege escalation vulnerabilities in TianoCompress and UEFICompress decompression algorithm may allow authenticated user to potentially manipulate stack and heap buffers via local access.

Impact

Elevation of Privilege

Severity

Medium 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Recommendation:

This addresses the following issue in Tianocore Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=686
The patch to update firmware is: https://bugzilla.tianocore.org/attachment.cgi?id=150

Acknowledgments:

These issues were discovered by multiple parties including Intel and Eclypsium.

References:

CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, and CVE-2017-5735
Copy link
On this page
Description:
Impact
Severity
Recommendation:
Acknowledgments:
References: