Vulnerabilities > CVE-2018-12183 - Out-of-bounds Write vulnerability in Tianocore EDK II

047910
CVSS 6.8 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
tianocore
CWE-787
nessus
NVD
Published: 2019-03-27
Updated: 2023-11-07

Summary

Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

Vulnerable Configurations

Part Description Count
Application
Tianocore
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyAmazon Linux Local Security Checks
NASL idAL2_ALAS-2019-1290.NASL
descriptionInsufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. (CVE-2018-12182) Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. (CVE-2019-0161) Buffer overflows were discovered in UDF-related codes under MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe, which could be triggered with long file names or invalid formatted UDF media. (CVE-2019-0160) Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. (CVE-2018-12183) Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. (CVE-2018-12179)
last seen2020-06-01
modified2020-06-02
plugin id129069
published2019-09-20
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/129069
titleAmazon Linux 2 : edk2 (ALAS-2019-1290)

References