Bug 2007434 (CVE-2019-11098) - CVE-2019-11098 edk2: Insufficient input validation in MdeModulePkg may lead to privilege escalation
Summary: CVE-2019-11098 edk2: Insufficient input validation in MdeModulePkg may lead t...
Status: NEW
Alias: CVE-2019-11098
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2007435 2011199 2011200
Blocks: 2007436
TreeView+ depends on / blocked
Reported: 2021-09-23 20:45 UTC by Pedro Sampaio
Modified: 2022-04-17 21:35 UTC (History)
6 users (show)

Fixed In Version: edk2-202008
Doc Type: If docs needed, set a value
Doc Text:
An improper input validation flaw in the MdeModulePkg module of edk2 may allow an unauthenticated attacker with physical access to the system handled by edk2 to escalate his privileges and cause a denial of service or disclose information.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Pedro Sampaio 2021-09-23 20:45:08 UTC
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.



Comment 1 Pedro Sampaio 2021-09-23 20:49:00 UTC
Created edk2 tracking bugs for this issue:

Affects: epel-7 [bug 2007435]

Comment 3 Riccardo Schirone 2021-10-06 09:14:32 UTC
Current patches: https://bugzilla.tianocore.org/attachment.cgi?id=316

Note You need to log in before you can comment on or make changes to this bug.