Vulnerabilities > CVE-2021-28216 - Release of Invalid Pointer or Reference vulnerability in Tianocore EDK II

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
tianocore
CWE-763

Summary

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.

Vulnerable Configurations

Part Description Count
Application
Tianocore
1

Common Weakness Enumeration (CWE)