A logic error in MdeModulePkg in EDK II firmware may allow authenticated user to potentially bypass configuration access controls and escalate privileges via local access.
Created edk2 tracking bugs for this issue:
Affects: epel-all [bug 1641435]
Affects: fedora-all [bug 1641434]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:2125
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):