edk2-shell

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	EDK2 UEFI Shell
Version	202102-1 [extra]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1360	202102-1		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2019-14560	AVG-1360	Medium	No	Certificate verification bypass	GetEfiGlobalVariable2() is used in some instances when looking up the SecureBoot UEFI variable. The API can fail in certain circumstances, for example, if...

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1697	202008-1	202011-1	Medium	Fixed
AVG-1359	202008-1	202011-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-28211	AVG-1697	Medium	No	Arbitrary code execution	A security issue was found in EDK II before version 202011. A possible heap corruption in LzmaUefiDecompressGetInfo could lead to arbitrary code execution.
CVE-2021-28210	AVG-1697	Low	No	Denial of service	A security issue was found in EDK II before version 202011. An unlimited FV parsing recursion could lead to denial of service.
CVE-2019-14584	AVG-1359	Medium	No	Denial of service	A security issue was found in edk2 up to edk2-stable202011. AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode...

Issue

Group

Severity

Remote

Type

Description

CVE-2021-28211

AVG-1697

Medium

Arbitrary code execution

A security issue was found in EDK II before version 202011. A possible heap corruption in LzmaUefiDecompressGetInfo  could lead to arbitrary code execution.

CVE-2021-28210

AVG-1697

Low

Denial of service

A security issue was found in EDK II before version 202011. An unlimited FV parsing recursion could lead to denial of service.

CVE-2019-14584

AVG-1359

Medium

Denial of service

A security issue was found in edk2 up to edk2-stable202011. AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode...