All errata/sisyphus/ALT-PU-2020-1972-1
ALT-PU-2020-1972-1

Package update edk2 in branch sisyphus

Version20200229-alt1
Task#251783
Published2020-05-16
Max severityHIGH
Severity:

Closed issues (7)

BDU:2020-04779
LOW3.0

Уязвимость микропрограммного обеспечения BIOS процессоров Intel, связанная с ошибками управления привилегиями, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-10-22Modified: 2024-09-16
CVSS 3.xLOW 3.0
CVSS:3.x/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CVSS 2.0LOW 2.7
CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2019-14558
MEDIUM5.7

Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.

Published: 2020-10-05Modified: 2024-11-21
CVSS 2.0LOW 2.7
CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.7
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2019-14559
HIGH7.5

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

Published: 2020-11-23Modified: 2024-11-21
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2019-14563
HIGH7.8

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: 2020-11-23Modified: 2024-11-21
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2019-14575
HIGH7.8

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: 2020-11-23Modified: 2024-11-21
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2019-14586
HIGH8.0

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

Published: 2020-11-23Modified: 2024-11-21
CVSS 2.0MEDIUM 5.2
CVSS:2.0/AV:A/AC:L/Au:S/C:P/I:P/A:P
CVSS 3.xHIGH 8.0
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2019-14587
MEDIUM6.5

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Published: 2020-11-23Modified: 2024-11-21
CVSS 2.0LOW 3.3
CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References