📦 Edk2

by Tianocore

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-2486

HIGH CVSS 8.8 Nov 26, 2025

This CVE allows attackers to bypass Secure Boot restrictions by accessing the UEFI Shell in Ubuntu systems with vulnerable edk2 firmware. This could enable booting unauthorized operating systems or lo...

CVE-2023-45232

HIGH CVSS 7.5 Jan 16, 2024

CVE-2023-45232 is an infinite loop vulnerability in EDK2's Network Package when parsing unknown IPv6 Destination Options headers. This allows attackers to cause denial of service by sending specially ...

CVE-2023-45234

HIGH CVSS 8.3 Jan 16, 2024

A buffer overflow vulnerability in EDK2's Network Package allows attackers to execute arbitrary code by sending malicious DHCPv6 Advertise messages. This affects systems using EDK2-based firmware with...

CVE-2023-45230

HIGH CVSS 8.3 Jan 16, 2024

EDK2's Network Package has a buffer overflow vulnerability in the DHCPv6 client when processing long server ID options. Attackers on the same network can exploit this to execute arbitrary code or caus...

CVE-2022-36764

HIGH CVSS 7.0 Jan 9, 2024

CVE-2022-36764 is a heap buffer overflow vulnerability in EDK2's Tcg2MeasurePeImage() function that allows local network attackers to potentially execute arbitrary code or cause denial of service. Thi...

CVE-2021-38578

HIGH CVSS 7.4 Mar 3, 2022

CVE-2021-38578 is a buffer underflow vulnerability in Tianocore EDK II's System Management Mode (SMM) entry point that allows attackers to corrupt SMRAM memory. This affects systems using vulnerable U...

CVE-2021-38576

HIGH CVSS 7.5 Jan 3, 2022

A BIOS firmware vulnerability in certain PC models leaves the Platform authorization value empty, allowing attackers to permanently brick the TPM chip or cause temporary denial-of-service. This affect...

CVE-2021-28213

HIGH CVSS 7.5 Jun 11, 2021

CVE-2021-28213 involves a security risk in EDK2's IpSecDxe.efi where an example encrypted private key is present, potentially allowing attackers to decrypt network traffic or impersonate systems. This...

CVE-2019-14584

HIGH CVSS 7.8 Jun 3, 2021

CVE-2019-14584 is a null pointer dereference vulnerability in Tianocore EDK2 firmware that allows an authenticated local user to potentially escalate privileges. This affects systems using vulnerable ...