Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Reference: https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html
Created edk2 tracking bugs for this issue: Affects: fedora-all [bug 1694085]
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1694086]
Can you please work with the TianoCore Bugzilla InfoSec group to open up the upstream ticket to the public? Thank you.
Upstream bug: https://bugzilla.tianocore.org/show_bug.cgi?id=1133 Patch proposed in upstream bug: https://bugzilla.tianocore.org/attachment.cgi?id=210