Insufficient Input Validation in EDKII MdeModulePkg Affects Security
CVE-2019-11098

6.8MEDIUM

Key Information:

Vendor: Tianocore
Status: Tianocore
Vendor: CVE Published:; 14 July 2021

What is CVE-2019-11098?

The EDKII MdeModulePkg exhibits insufficient input validation, which can be exploited by an unauthorized user with physical access to the system. This vulnerability could lead to potential escalation of privilege, granting the attacker elevated rights, as well as denial of service, disrupting normal operation. Additionally, it may permit unauthorized information disclosure, compromising the confidentiality of sensitive data. Immediate remediation is advised for organizations using affected versions of this module.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tianocore See references

References

https://edk2-docs.gitbook.io/security-advisory/bootguard-...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2021
Vulnerability Reserved
Apr 11, 2019

JSON

Tianocore

What is CVE-2019-11098?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.