28. EDK II Untested memory not covered by SMM page protection
Incorrect handling of memory types in tianocore firmware allows local attacker to bypass SMM protections on memory.
Affects:
- MdePkg
- UefiCpuPkg
- MdeModulePkg
Elevation of Privilege / Information Disclosure
Patches for Tianocore are listed in the Tianocore Security Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=751
CVE-2018-3614