
Mageia: 2021-0035 Moderate: EDK II Multiple Security Flaws

January 17, 2021
The Mageia 2021-0035 notice addresses several vulnerabilities in the EDK II firmware.

Summary

Improper configuration in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access (CVE-2018-12179).
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access (CVE-2018-12182).
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access (CVE-2018-12183).
Buffer overflow in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access (CVE-2019-0160).
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access (CVE-2019-0161).
Improper authentication in EDK ...


References

- https://bugs.mageia.org/show_bug.cgi?id=25939

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/

- https://access.redhat.com/errata/RHSA-2020:1712

- https://ubuntu.com/security/notices/USN-4349-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A23OH3MXQU7WURSP4PC66EXMG6INYFH6/

- https://ubuntu.com/security/notices/USN-4684-1

- https://github.com/tianocore/edk2/releases

- https://www.cve.org/CVERecord?id=CVE-2018-12179

- https://www.cve.org/CVERecord?id=CVE-2018-12182

- https://www.cve.org/CVERecord?id=CVE-2018-12183

- https://www.cve.org/CVERecord?id=CVE-2019-0160

- https://www.cve.org/CVERecord?id=CVE-2019-0161

- https://www.cve.org/CVERecord?id=CVE-2019-14553

- https://www.cve.org/CVERecord?id=CVE-2019-14558

- https://www.cve.org/CVERecord?id=CVE-2019-14559

- https://www.cve.org/CVERecord?id=CVE-2019-14563

- https://www.cve.org/CVERecord?id=CVE-2019-14575

- https://www.cve.org/CVERecord?id=CVE-2019-14584

- https://www.cve.org/CVERecord?id=CVE-2019-14586

- https://www.cve.org/CVERecord?id=CVE-2019-14587

- https://www.cve.org/CVERecord?id=CVE-2019-14562

Resolution

SRPMS

- 7/core/edk2-20201127stable-1.mga7

Publication date: 17 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0035.html
Type: security
CVE: CVE-2018-12179, CVE-2018-12182, CVE-2018-12183, CVE-2019-0160, CVE-2019-0161, CVE-2019-14553, CVE-2019-14558, CVE-2019-14559, CVE-2019-14563, CVE-2019-14575, CVE-2019-14584, CVE-2019-14586, CVE-2019-14587, CVE-2019-14562
