Stack Overflow Vulnerability in EDK II's XHCI Component
CVE-2019-0161

5.5MEDIUM

Key Information:

Vendor

Extensible Firmware Interface Development Kit (edk Ii)

Status
Extensible Firmware Interface Development Kit (edk Ii)
Vendor
CVE Published:
27 March 2019

What is CVE-2019-0161?

A stack overflow vulnerability in the XHCI (eXtensible Host Controller Interface) component of EDK II allows an unauthenticated local user to exploit the flaw. This exploitation could lead to potential denial of service, compromising system stability. It is essential for users and organizations relying on EDK II to apply the necessary patches and updates to mitigate any security threats posed by this vulnerability.

Affected Version(s)

Extensible Firmware Interface Development Kit (EDK II)

References

https://edk2-docs.gitbooks.io/security-advisory/content/x...
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.