31. EDK II TianoCompress Bounds Checking Issues
Multiple privilege escalation vulnerabilities in the TianoCompress and UEFICompress decompression algorithms may allow an authenticated user to potentially manipulate stack and heap buffers via local access.
Elevation of Privilege
Medium 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
This addresses the following issue in the TianoCore Bugzilla:
https://bugzilla.tianocore.org/show_bug.cgi?id=686
These issues were discovered by multiple parties including Intel and Eclypsium.
CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, and CVE-2017-5735