In EDK II, a vulnerability exists in BaseUefiDecompressLib.c, TianoCompress.c, and UEFI specification via a stack-based buffer overflow in the MakeTable() function. An authenticated attacker could exploit this via a crafted file to escalate privileges. External Reference: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html Upstream Bug: https://bugzilla.tianocore.org/show_bug.cgi?id=686
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1641462] Affects: fedora-all [bug 1641461]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:2125
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-5734