30. EDK II Authenticated Variable Bypass {#edk-ii-authenticated-variable-bypass}

Description:

Logic error in MdeModulePkg in EDK II firmware may allow authenticated user to potentially bypass configuration access controls and escalate privileges via local access.

Impact

Elevation of Privilege

Severity

Medium 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Recommendation:

This address the following issue in Tianocore Bugzilla:
https://bugzilla.tianocore.org/show_bug.cgi?id=415

Patch to update firmware is:
https://bugzilla.tianocore.org/attachment.cgi?id=44

Acknowledgments:

This issue was discovered by Intel.

References:

CVE-2018-3613

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

edk-ii-authenticated-variable-bypass.md

edk-ii-authenticated-variable-bypass.md

30. EDK II Authenticated Variable Bypass {#edk-ii-authenticated-variable-bypass}

Description:

Impact

Severity

Recommendation:

Acknowledgments:

References:

Files

edk-ii-authenticated-variable-bypass.md

Latest commit

History

edk-ii-authenticated-variable-bypass.md

File metadata and controls

30. EDK II Authenticated Variable Bypass {#edk-ii-authenticated-variable-bypass}

Description:

Impact

Severity

Recommendation:

Acknowledgments:

References: