CVE-2019-11098

Published: 14 July 2021

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

Priority

CVSS 3 base score: 6.8

Status

Package	Release	Status
edk2 Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Released (0~20191122.bd85bf54-2ubuntu3.3)
	groovy	Ignored (reached end-of-life)
	hirsute	Released (2020.11-4ubuntu0.1)
	impish	Not vulnerable (2021.05-1)
	jammy	Not vulnerable (2021.05-1)
	trusty	Does not exist
	upstream	Released (2020.11-5)
	xenial	Ignored (out of standard support)
	Patches: upstream: https://github.com/tianocore/edk2/pull/830 upstream: https://github.com/tianocore/edk2/pull/1405 upstream: https://github.com/tianocore/edk2/pull/830/commits/af48e7719c501df656b9bbb67f17afcf915aaf72 upstream: https://github.com/tianocore/edk2/pull/830/commits/b85f78967701c2a7a70fb8d1f8d3d27d998bbfcd upstream: https://github.com/tianocore/edk2/pull/830/commits/550e3be222966f8341cee08e0ff3e303ee180f79 upstream: https://github.com/tianocore/edk2/pull/830/commits/de701382bd1ec6ca605e2a2d107b6a5f033bb1a6 upstream: https://github.com/tianocore/edk2/pull/830/commits/10d48773432a8df8b2c8f3aaab56f064d529f720 upstream: https://github.com/tianocore/edk2/pull/830/commits/d691e66c411360a4ad1e8207f232b944ea52310a upstream: https://github.com/tianocore/edk2/pull/830/commits/62a8616e06848a3cf2332a5b0614d091b645988a upstream: https://github.com/tianocore/edk2/pull/830/commits/7ea02619e9930f2f15b2cf6aa8c23345073f4aa4 upstream: https://github.com/tianocore/edk2/pull/830/commits/b6524d7062f3e22c2c8158cdbf2e8f81b959560b upstream: https://github.com/tianocore/edk2/pull/1405/commits/2b8656fd130e719325a63475d1d3fe747cfd31ce

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security