28. EDK II Untested memory not covered by SMM page protection

Description:
Incorrect handling of memory types in tianocore firmware allows local attacker to bypass SMM protections on memory.
Affects:
MdePkg
UefiCpuPkg
MdeModulePkg
Impact
Elevation of Privilege / Information Disclosure
Severity
High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Recommendation:
Patches for Tianocore are listed in the Tianocore Security Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=751​
Acknowledgments:
The issue was reported through TianoCore Bugzilla​
References:
CVE-2018-3614

27. UEFI Variable Deletion/Corruption

29. Unauthenticated Firmware Chain-of-Trust Bypass

Last modified 2yr ago