Log

AVG-2562 edited at 29 Nov 2021 12:10:47
Status
- Vulnerable
+ Testing
Fixed
+ 1.34.1-1
AVG-2592 created at 29 Nov 2021 12:09:51
Packages
+ edk2-shell
Issues
+ CVE-2021-28216
Status
+ Testing
Severity
+ Medium
Affected
+ 202108-1
Fixed
+ 202111-1
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-1360 edited at 29 Nov 2021 12:09:47
Issues
CVE-2019-14560
- CVE-2021-28216
Affected
- 202108-1
+ 202111-1
CVE-2021-28216 edited at 29 Nov 2021 12:09:05
Description
- A security issue has been found in edk2. In the function FpdtStatusCodeListenerPei(), the pointer BootPerformanceTable is read directly from an NVRAM variable ("FirmwarePerformance"). Memory is then updated at that address. A local attacker may modify the variable at his will, and after reboot the vulnerable code will update memory at the attacker-supplied address.
+ A security issue has been found in edk2 before version 202111. In the function FpdtStatusCodeListenerPei(), the pointer BootPerformanceTable is read directly from an NVRAM variable ("FirmwarePerformance"). Memory is then updated at that address. A local attacker may modify the variable at his will, and after reboot the vulnerable code will update memory at the attacker-supplied address.
References
https://bugzilla.tianocore.org/show_bug.cgi?id=2957
+ https://edk2.groups.io/g/devel/message/81743
+ https://github.com/tianocore/edk2/commit/466ebdd2e0919c1538d03cd59833704bd5e1c028
AVG-1741 edited at 29 Nov 2021 09:40:31
Issues
CVE-2021-3542
CVE-2021-3669
CVE-2021-3752
CVE-2021-3759
CVE-2021-3847
CVE-2021-4001
CVE-2021-4023
+ CVE-2021-4028
CVE-2021-29648
CVE-2021-30178
CVE-2021-43975
CVE-2021-43976
AVG-1881 edited at 29 Nov 2021 09:40:25
Issues
CVE-2021-3542
CVE-2021-3669
CVE-2021-3752
CVE-2021-3847
+ CVE-2021-4028
CVE-2021-43975
CVE-2021-43976
AVG-1880 edited at 29 Nov 2021 09:40:19
Issues
CVE-2021-3542
CVE-2021-3669
CVE-2021-3752
CVE-2021-3847
+ CVE-2021-4028
CVE-2021-43975
CVE-2021-43976
CVE-2021-4028 edited at 29 Nov 2021 09:39:40
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A security issue in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=2027201
AVG-1879 edited at 29 Nov 2021 09:38:48
Issues
CVE-2021-3542
CVE-2021-3669
CVE-2021-3752
CVE-2021-3847
+ CVE-2021-4028
CVE-2021-43975
CVE-2021-43976
CVE-2021-4028 created at 29 Nov 2021 09:38:48
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2318 edited at 29 Nov 2021 09:35:04
Advisory qualified
- Yes
+ No