CVE-2021-28216

Source
Severity Medium
Remote No
Type Insufficient validation
Description
A security issue has been found in edk2. In the function FpdtStatusCodeListenerPei(), the pointer BootPerformanceTable is read directly from an NVRAM variable ("FirmwarePerformance"), and memory is then updated at that address without validation. A local attacker may modify the variable at will, and after reboot the vulnerable code will update memory at the attacker-supplied address.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1360 | edk2-shell | 202108-1 | | Medium | Vulnerable | |
References
https://bugzilla.tianocore.org/show_bug.cgi?id=2957