CVE-2018-3613

Published: Mar 27, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

Affected (3)

Products: Tianocore: Edk Ii

Tianocore

1 product

Edk Ii

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Tianocore Edk Ii	Version udk2015
Tianocore Edk Ii	Version udk2017
Tianocore Edk Ii	Version udk2018

References (8)

https://access.redhat.com/errata/RHSA-2019:2125

Source: secure@intel.com

https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html

Source: secure@intel.com

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/

Source: secure@intel.com

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us

Source: secure@intel.com

https://access.redhat.com/errata/RHSA-2019:2125

Source: af854a3a-2127-422b-91ae-364da2661108

https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.