ALT Linux Team

Package edk2-tools update in sisyphus on 2020-05-16

ALT-PU-2020-1971-1

Package edk2-tools updated to version 20200229-alt1 for branch sisyphus in task 251783.

Closed vulnerabilities

Published: 2020-09-08

BDU:2020-04779

Уязвимость микропрограммного обеспечения BIOS процессоров Intel, связанная с ошибками управления привилегиями, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.0) Vector: AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
References:
Published: 2020-10-05
Modified: 2024-11-21

CVE-2019-14558

Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14559

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14563

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14575

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14586

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

Severity: HIGH (8.0) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-11-23
Modified: 2024-11-21

CVE-2019-14587

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top