Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-28216  

A security issue has been found in edk2. In the function FpdtStatusCodeListenerPei(), the pointer BootPerformanceTable is read directly from an NVRAM variable ("FirmwarePerformance"). Memory is then updated at that address. A local attacker may modify the variable at his will, and after reboot the vulnerable code will update memory at the attacker-supplied address.

Source
Severity Medium

Remote No

Type Insufficient validation

Description 

A security issue has been found in edk2. In the function FpdtStatusCodeListenerPei(), the pointer BootPerformanceTable is read directly from an NVRAM variable ("FirmwarePerformance"). Memory is then updated at that address.  A local attacker may modify the variable at his will, and after reboot the vulnerable code will update memory at the attacker-supplied address.

AVG-1360 edk2-shell 202105-1 Medium Vulnerable 

https://bugzilla.tianocore.org/show_bug.cgi?id=2957

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started