ALT-PU-2020-1972-1

BDU:2020-04779

LOW3.0

Уязвимость микропрограммного обеспечения BIOS процессоров Intel, связанная с ошибками управления привилегиями, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2020-10-22Изменено: 2024-09-16

CVSS 3.xНИЗКАЯ 3.0

CVSS:3.x/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CVSS 2.0НИЗКАЯ 2.7

CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:P

Ссылки

CVE-2019-14558

CVE-2019-14558

MEDIUM5.7

Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.

Опубликовано: 2020-10-05Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.7

CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 5.7

CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2019-14559

HIGH7.5

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

Опубликовано: 2020-11-23Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2019-14563

HIGH7.8

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Опубликовано: 2020-11-23Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2019-14575

HIGH7.8

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Опубликовано: 2020-11-23Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2019-14586

HIGH8.0

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

Опубликовано: 2020-11-23Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.2

CVSS:2.0/AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.0

CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2019-14587

MEDIUM6.5

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Опубликовано: 2020-11-23Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 3.3

CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

Обновление пакета edk2 в ветке sisyphus

Закрытые проблемы (7)

Уязвимость микропрограммного обеспечения BIOS процессоров Intel, связанная с ошибками управления привилегиями, позволяющая нарушителю вызвать отказ в обслуживании

Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.