Vulnerabilities > CVE-2021-28216 - Release of Invalid Pointer or Reference vulnerability in Tianocore EDK II

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
tianocore
CWE-763

Summary

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.

Vulnerable Configurations

Part Description Count
Application
Tianocore
1

Common Weakness Enumeration (CWE)