Buffer Overflow in BlockIo Service for EDK II by Intel
CVE-2018-12180

8.8 HIGH

What is CVE-2018-12180?

A buffer overflow vulnerability exists in the BlockIo service of the EDK II firmware, which an unauthenticated user may be able to exploit via network access. Successful exploitation can lead to elevated privileges, unauthorized access to sensitive information, or a denial of service condition. This vulnerability highlights the importance of securing firmware components and applying the relevant patches listed in vendor advisories to mitigate the risks.

Affected Version(s)

Extensible Firmware Interface Development Kit (EDK II)

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
