Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Reference: https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html Upstream commit: https://github.com/tianocore/edk2/commit/0a0d5296e448fc350de1594c49b9c0deff7fad60
External References: https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html
Created edk2 tracking bugs for this issue: Affects: fedora-all [bug 1694085]
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1694086]
(In reply to Dhananjay Arunesh from comment #1) > External References: > > https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv- > recursion.html This advisory references upstream bugs #1126 and #1137. - TianoCore#1126 is open to the public, and it identifies the commit hash (0a0d5296e4) at which the related series was completed. I don't see how that work is related to DxeCore stack overflow. The advisory names the same commit as well. IMO both of these may have been in error, in the advisory (i.e. both the commit hash and the BZ reference); although I could be proved wrong, obviously. - In comparison, TianoCore#1137 has not been opened up to the public. I guess that BZ tracks the actual security bug. Can you please work with the TianoCore Bugzilla InfoSec group to open up TianoCore#1137? Thanks.
Upstream issues: https://bugzilla.tianocore.org/show_bug.cgi?id=1126 https://bugzilla.tianocore.org/show_bug.cgi?id=1137