ID CVE-2018-12180
Summary Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
References
Vulnerable Configurations
  • cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1683372
    title CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment AAVMF is earlier than 0:20180508-3.gitee3198e672e2.el7_6.1
            oval oval:com.redhat.rhsa:tst:20190809001
          • comment AAVMF is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183090002
        • AND
          • comment OVMF is earlier than 0:20180508-3.gitee3198e672e2.el7_6.1
            oval oval:com.redhat.rhsa:tst:20190809003
          • comment OVMF is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183090004
    rhsa
    id RHSA-2019:0809
    released 2019-04-23
    severity Important
    title RHSA-2019:0809: ovmf security update (Important)
  • bugzilla
    id 1683372
    title CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment edk2-aarch64 is earlier than 0:20180508gitee3198e672e2-9.el8_0.1
            oval oval:com.redhat.rhsa:tst:20190968001
          • comment edk2-aarch64 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190968002
        • AND
          • comment edk2-ovmf is earlier than 0:20180508gitee3198e672e2-9.el8_0.1
            oval oval:com.redhat.rhsa:tst:20190968003
          • comment edk2-ovmf is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190968004
    rhsa
    id RHSA-2019:0968
    released 2019-05-07
    severity Important
    title RHSA-2019:0968: edk2 security update (Important)
  • rhsa
    id RHSA-2019:1116
rpms
  • AAVMF-0:20180508-3.gitee3198e672e2.el7_6.1
  • OVMF-0:20180508-3.gitee3198e672e2.el7_6.1
  • edk2-aarch64-0:20180508gitee3198e672e2-9.el8_0.1
  • edk2-ovmf-0:20180508gitee3198e672e2-9.el8_0.1
  • redhat-release-virtualization-host-0:4.3-0.6.el7
  • redhat-virtualization-host-image-update-0:4.3-20190418.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.3-0.6.el7
refmap via4
confirm
fedora FEDORA-2019-bff1cbaba3
suse openSUSE-SU-2019:1083
ubuntu USN-4349-1
Last major update 03-10-2019 - 00:03
Published 27-03-2019 - 20:29
Last modified 03-10-2019 - 00:03