Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Reference: https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html
Created edk2 tracking bugs for this issue: Affects: fedora-all [bug 1694085]
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1694086]
Can you please work with the TianoCore Bugzilla InfoSec group so they open up TianoCore#1136 to the public? Thank you.
nullIn reply to comment #3: > Can you please work with the TianoCore Bugzilla InfoSec group so they open > up TianoCore#1136 to the public? Thank you. This will be handled by analyst who takes this issue.
Upstream issue: https://bugzilla.tianocore.org/show_bug.cgi?id=1136 Upstream proposed patch: https://bugzilla.tianocore.org/attachment.cgi?id=213