CVE-2014-4859
Published: 31 January 2020
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
Notes
Author | Note |
---|---|
sbeattie | No support for updates of hypervisor-supplied firmware from guests |
Priority
CVSS 3 base score: 6.8