edk2-shell

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	EDK2 UEFI Shell
Version	202211-3 [extra]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1360	202111-4		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2019-14560	AVG-1360	Medium	No	Certificate verification bypass	GetEfiGlobalVariable2() is used in some instances when looking up the SecureBoot UEFI variable. The API can fail in certain circumstances, for example, if...

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2592	202108-1	202111-1	Medium	Fixed
AVG-2382	202105-1	202108-1	Medium	Fixed
AVG-2070	202105-1		Medium	Not affected
AVG-1697	202008-1	202011-1	Medium	Fixed
AVG-1359	202008-1	202011-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-38575	AVG-2382	Medium	Yes	Arbitrary code execution	In EDK II before version 202108, a remotely exploitable buffer overflow has been found in the IScsiHexToBin() function.
CVE-2021-28216	AVG-2592	Medium	No	Insufficient validation	A security issue has been found in edk2 before version 202111. In the function FpdtStatusCodeListenerPei(), the pointer BootPerformanceTable is read...
CVE-2021-28213	AVG-2070	Medium	No	Private key recovery	Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
CVE-2021-28211	AVG-1697	Medium	No	Arbitrary code execution	A security issue was found in EDK II before version 202011. A possible heap corruption in LzmaUefiDecompressGetInfo could lead to arbitrary code execution.
CVE-2021-28210	AVG-1697	Low	No	Denial of service	A security issue was found in EDK II before version 202011. An unlimited FV parsing recursion could lead to denial of service.
CVE-2019-14584	AVG-1359	Medium	No	Denial of service	A security issue was found in edk2 up to edk2-stable202011. AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode...