Incorrect handling of memory types in tianocore firmware allows local attacker to bypass SMM protections on memory.
Affects:
MdePkg
UefiCpuPkg
MdeModulePkg
Elevation of Privilege / Information Disclosure
High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Patches for Tianocore are listed in the Tianocore Security Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=751
The issue was reported through TianoCore Bugzilla
CVE-2018-3614