edk2-shell

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description EDK2 UEFI Shell
Version 202102-1 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1360 202102-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2019-14560 AVG-1360 Medium No Certificate verification bypass
GetEfiGlobalVariable2() is used in some instances when looking up the SecureBoot UEFI variable. The API can fail in certain circumstances, for example, if...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1697 202008-1 202011-1 Medium Fixed
AVG-1359 202008-1 202011-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-28211 AVG-1697 Medium No Arbitrary code execution
A security issue was found in EDK II before version 202011. A possible heap corruption in LzmaUefiDecompressGetInfo  could lead to arbitrary code execution.
CVE-2021-28210 AVG-1697 Low No Denial of service
A security issue was found in EDK II before version 202011. An unlimited FV parsing recursion could lead to denial of service.
CVE-2019-14584 AVG-1359 Medium No Denial of service
A security issue was found in edk2 up to edk2-stable202011. AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode...