CVE-2019-11098

Published: 14 July 2021

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

Priority

Low

CVSS 3 base score: 6.8

Status

Package Release Status
edk2
Launchpad, Ubuntu, Debian 		Upstream
Released (2020.11-5)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(2021.05-1)
Ubuntu 21.04 (Hirsute Hippo)
Released (2020.11-4ubuntu0.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (0~20191122.bd85bf54-2ubuntu3.3)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(out of standard support)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/tianocore/edk2/pull/830
Upstream: https://github.com/tianocore/edk2/pull/1405
Upstream: https://github.com/tianocore/edk2/pull/830/commits/af48e7719c501df656b9bbb67f17afcf915aaf72
Upstream: https://github.com/tianocore/edk2/pull/830/commits/b85f78967701c2a7a70fb8d1f8d3d27d998bbfcd
Upstream: https://github.com/tianocore/edk2/pull/830/commits/550e3be222966f8341cee08e0ff3e303ee180f79
Upstream: https://github.com/tianocore/edk2/pull/830/commits/de701382bd1ec6ca605e2a2d107b6a5f033bb1a6
Upstream: https://github.com/tianocore/edk2/pull/830/commits/10d48773432a8df8b2c8f3aaab56f064d529f720
Upstream: https://github.com/tianocore/edk2/pull/830/commits/d691e66c411360a4ad1e8207f232b944ea52310a
Upstream: https://github.com/tianocore/edk2/pull/830/commits/62a8616e06848a3cf2332a5b0614d091b645988a
Upstream: https://github.com/tianocore/edk2/pull/830/commits/7ea02619e9930f2f15b2cf6aa8c23345073f4aa4
Upstream: https://github.com/tianocore/edk2/pull/830/commits/b6524d7062f3e22c2c8158cdbf2e8f81b959560b
Upstream: https://github.com/tianocore/edk2/pull/1405/commits/2b8656fd130e719325a63475d1d3fe747cfd31ce

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading