edk2-shell

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	EDK2 UEFI Shell
Version	202105-1 [extra]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1360	202105-1		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2019-14560	AVG-1360	Medium	No	Certificate verification bypass	GetEfiGlobalVariable2() is used in some instances when looking up the SecureBoot UEFI variable. The API can fail in certain circumstances, for example, if...

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2070	202105-1		Medium	Not affected
AVG-1697	202008-1	202011-1	Medium	Fixed
AVG-1359	202008-1	202011-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-28213	AVG-2070	Medium	No	Private key recovery	Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
CVE-2021-28211	AVG-1697	Medium	No	Arbitrary code execution	A security issue was found in EDK II before version 202011. A possible heap corruption in LzmaUefiDecompressGetInfo could lead to arbitrary code execution.
CVE-2021-28210	AVG-1697	Low	No	Denial of service	A security issue was found in EDK II before version 202011. An unlimited FV parsing recursion could lead to denial of service.
CVE-2019-14584	AVG-1359	Medium	No	Denial of service	A security issue was found in edk2 up to edk2-stable202011. AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode...