35. Stack Overflow on Corrupted BMP

Description:
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
Impact:
Denial of Service or Elevation of Privilege
Severity:
7.4 high CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H
Recommendation:
EDK II Commits:
​https://github.com/tianocore/edk2/commit/89910a39dcfd788057caa5d88b7e76e112d187b5​
​https://github.com/tianocore/edk2/commit/ffe5f7a6b4e978dffbe1df228963adc914451106​
Patch:
​https://bugzilla.tianocore.org/attachment.cgi?id=212​
Acknowledgments:
Intel Team
References:
CVE-2018-12181
EDK II Bugzilla #1135​

34. PartitionDxe and Udf Buffer Overflow

36. Buffer Overflow in BlockIo service for RAM disk

Last modified 2yr ago