ID CVE-2019-0160
Summary A buffer overflow (out-of-bounds write, CWE-787) in EDK II system firmware may allow an unauthenticated attacker with network access to escalate privilege and/or cause a denial of service. The upstream TianoCore advisory linked under References below places the flaw in the PartitionDxe and UDF code paths.
References
Vulnerable Configurations
  • cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
CVSS (v2)
Base: 7.5 (as of 05-04-2022 - 20:36)
Impact: 6.4 (subscore derived from the vector below)
Exploitability: 10.0 (subscore derived from the vector below)
CWE CWE-787 (Out-of-bounds Write)
CAPEC (none listed)
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1714446
    title edk2-aarch64 silent build is not silent enough
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment edk2-aarch64 is earlier than 0:20190308git89910a39dcfd-6.el8
            oval oval:com.redhat.rhsa:tst:20193338001
          • comment edk2-aarch64 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190968002
        • AND
          • comment edk2-ovmf is earlier than 0:20190308git89910a39dcfd-6.el8
            oval oval:com.redhat.rhsa:tst:20193338003
          • comment edk2-ovmf is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190968004
    rhsa
    id RHSA-2019:3338
    released 2019-11-05
    severity Moderate
    title RHSA-2019:3338: edk2 security, bug fix, and enhancement update (Moderate)
  • rhsa
    id RHSA-2019:2125
rpms
  • OVMF-0:20180508-6.gitee3198e672e2.el7
  • edk2-aarch64-0:20190308git89910a39dcfd-6.el8
  • edk2-ovmf-0:20190308git89910a39dcfd-6.el8
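The OVAL definition above reduces to "package X is installed at a build earlier than the fixed build". The following is an added example, not part of this record or of Red Hat's tooling, that performs that comparison offline for the three fixed builds listed in the rpms section. It assumes NEVR strings in the form rpm prints them (name-[epoch:]version-release, missing epoch treated as 0) and reimplements rpm's rpmvercmp() segment ordering so that release tags such as el8_1, and '~'/'^' pre- and post-release markers, sort the way rpm sorts them. The sample inputs at the bottom are constructed, not inventory data.

```python
"""Compare installed edk2/OVMF builds against the fixed builds in this CVE
record, using rpm's rpmvercmp() ordering.  Assumption: NEVR strings are
name-[epoch:]version-release as rpm prints them; a missing epoch is 0."""
from typing import Optional, Tuple

# Fixed package builds taken from the rpms list in this CVE record.
FIXED_NEVRS = [
    "OVMF-0:20180508-6.gitee3198e672e2.el7",
    "edk2-aarch64-0:20190308git89910a39dcfd-6.el8",
    "edk2-ovmf-0:20190308git89910a39dcfd-6.el8",
]

EVR = Tuple[int, str, str]


def _skip_separators(s: str) -> str:
    """Drop leading characters rpm treats as separators (not alnum, '~' or '^')."""
    i = 0
    while i < len(s) and not (s[i].isalnum() or s[i] in "~^"):
        i += 1
    return s[i:]


def _take(s: str, pred) -> str:
    """Longest prefix of s whose characters all satisfy pred."""
    i = 0
    while i < len(s) and pred(s[i]):
        i += 1
    return s[:i]


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 following the ordering rules of rpm's rpmvercmp()."""
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        one, two = _skip_separators(one), _skip_separators(two)
        # '~' sorts before anything, including end of string (1.0~rc1 < 1.0).
        if one.startswith("~") or two.startswith("~"):
            if not one.startswith("~"):
                return 1
            if not two.startswith("~"):
                return -1
            one, two = one[1:], two[1:]
            continue
        # '^' is like '~' except that end of string is older (1.0^post > 1.0).
        if one.startswith("^") or two.startswith("^"):
            if not one:
                return -1
            if not two:
                return 1
            if not one.startswith("^"):
                return 1
            if not two.startswith("^"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not (one and two):
            break
        # Compare the next all-digit or all-alpha segment; type chosen by `one`.
        isnum = one[0].isdigit()
        pred = str.isdigit if isnum else str.isalpha
        seg1, seg2 = _take(one, pred), _take(two, pred)
        if not seg2:  # types differ: a numeric segment is newer than an alpha one
            return 1 if isnum else -1
        one, two = one[len(seg1):], two[len(seg2):]
        if isnum:
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):  # more significant digits wins
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
    if not one and not two:
        return 0
    return -1 if not one else 1


def parse_nevr(nevr: str) -> Tuple[str, EVR]:
    """Split 'name-[epoch:]version-release' into (name, (epoch, version, release))."""
    rest, release = nevr.rsplit("-", 1)
    name, ev = rest.rsplit("-", 1)
    epoch, _, version = ev.rpartition(":")
    return name, (int(epoch or 0), version, release)


def evr_cmp(a: EVR, b: EVR) -> int:
    """Epoch first, then version, then release, as rpm orders packages."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def is_vulnerable(installed_nevr: str) -> Optional[bool]:
    """True if the installed build predates the fixed build of the same package,
    False if it is the fix or later, None if the package is not in this record."""
    name, evr = parse_nevr(installed_nevr)
    for fixed in FIXED_NEVRS:
        fixed_name, fixed_evr = parse_nevr(fixed)
        if fixed_name == name:
            return evr_cmp(evr, fixed_evr) < 0
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for nevr in ["edk2-ovmf-20190308git89910a39dcfd-5.el8",
                 "edk2-ovmf-0:20190308git89910a39dcfd-6.el8",
                 "OVMF-20180508-6.gitee3198e672e2.el7_9",
                 "edk2-tools-20190308git89910a39dcfd-6.el8"]:
        print(nevr, "->", is_vulnerable(nevr))
```

On a live host the input string comes from `rpm -q --qf '%{NAME}-%|EPOCH?{%{EPOCH}}:{0}|:%{VERSION}-%{RELEASE}\n' edk2-ovmf`. Note that the OVAL definition also requires the package to be signed with the Red Hat release key; this script only compares versions, so a rebuilt or third-party package with a newer-looking release string would pass it while still failing the OVAL check.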
refmap via4
confirm https://edk2-docs.gitbooks.io/security-advisory/content/partitiondxe-and-udf-buffer-overflow.html
fedora FEDORA-2019-d47a9d4b8b
suse openSUSE-SU-2019:1172
Last major update 05-04-2022 - 20:36
Published 27-03-2019 - 20:29
Last modified 05-04-2022 - 20:36