A security issue has been found in edk2. In the function FpdtStatusCodeListenerPei(), the pointer BootPerformanceTable is read directly from an NVRAM variable ("FirmwarePerformance"). Memory is then updated at that address. A local attacker may modify the variable at will, and after reboot the vulnerable code will update memory at the attacker-supplied address.
https://bugzilla.tianocore.org/show_bug.cgi?id=2957
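
The pattern described above, modelled as an added example (not edk2 code and not the upstream fix): an address taken from untrusted variable storage is used as a write target, next to a variant that first checks it against a range the firmware trusts. All type and function names, the record size and the two buffers are hypothetical and constructed for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical model: names and layout are illustrative, not edk2's. */
typedef struct { uint64_t table_addr; } perf_variable_t;   /* untrusted NVRAM contents */
typedef struct { uint64_t base, size; } trusted_range_t;   /* recorded outside NVRAM */

#define RECORD_SIZE 8u                  /* bytes written per update (constructed) */

static uint8_t reserved[128];           /* constructed: firmware-reserved table */
static uint8_t victim[64];              /* constructed: unrelated memory */

/* Vulnerable pattern: the address from the variable is used as-is. */
void update_unchecked(const perf_variable_t *v, uint64_t value)
{
    memcpy((void *)(uintptr_t)v->table_addr, &value, RECORD_SIZE);
}

/* 1 if [addr, addr+len) lies inside r; written to avoid integer wraparound. */
int addr_in_range(const trusted_range_t *r, uint64_t addr, uint64_t len)
{
    if (len > r->size || addr < r->base)
        return 0;
    return (addr - r->base) <= (r->size - len);
}

/* Hardened pattern: reject the write unless the target is in the trusted range. */
int update_checked(const perf_variable_t *v, const trusted_range_t *r, uint64_t value)
{
    if (!addr_in_range(r, v->table_addr, RECORD_SIZE))
        return -1;
    memcpy((void *)(uintptr_t)v->table_addr, &value, RECORD_SIZE);
    return 0;
}

/* Helper: run the hardened update with 'addr' as the variable's contents. */
int try_update(uint64_t addr)
{
    perf_variable_t v = { addr };
    trusted_range_t r = { (uint64_t)(uintptr_t)reserved, sizeof reserved };
    return update_checked(&v, &r, 0x1122334455667788ull);
}

int main(void)
{
    int ok = try_update((uint64_t)(uintptr_t)reserved);   /* inside range: accepted */
    int bad = try_update((uint64_t)(uintptr_t)victim);    /* outside range: rejected */
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

The check only helps if the trusted range itself comes from a source the attacker cannot rewrite; storing it in the same writable variable would defeat it.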