Bug 1694072 (CVE-2018-12179) - CVE-2018-12179 edk2: improper configuration insystem firmware leads to privilege escalation
Summary: CVE-2018-12179 edk2: improper configuration insystem firmware leads to privil...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-12179
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1694086 1694085
Blocks: 1694083
TreeView+ depends on / blocked
 
Reported: 2019-03-29 12:51 UTC by Dhananjay Arunesh
Modified: 2019-09-29 15:10 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:52:35 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
TianoCore 1133 0 None None None 2019-04-15 12:06:17 UTC

Description Dhananjay Arunesh 2019-03-29 12:51:06 UTC 
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

Reference:
https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html
Comment 1 Dhananjay Arunesh 2019-03-29 13:35:10 UTC 
Created edk2 tracking bugs for this issue:

Affects: fedora-all [bug 1694085]
Comment 2 Dhananjay Arunesh 2019-03-29 13:36:02 UTC 
Created edk2 tracking bugs for this issue:

Affects: epel-all [bug 1694086]
Comment 3 Laszlo Ersek 2019-04-01 16:24:04 UTC 
Can you please work with the TianoCore Bugzilla InfoSec group to open up the upstream ticket to the public? Thank you.
Comment 4 Riccardo Schirone 2019-04-08 15:36:34 UTC 
Upstream bug:
https://bugzilla.tianocore.org/show_bug.cgi?id=1133

Patch proposed in upstream bug:
https://bugzilla.tianocore.org/attachment.cgi?id=210
Note You need to log in before you can comment on or make changes to this bug.