CVE-2019-11098

Published: 14 July 2021

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

Priority

Low

CVSS 3 base score: 6.8

Status

Package: edk2 (Launchpad, Ubuntu, Debian)
Upstream: Released (2020.11-5)
Ubuntu 21.10 (Impish Indri): Not vulnerable (2021.05-1)
Ubuntu 21.04 (Hirsute Hippo): Released (2020.11-4ubuntu0.1)
Ubuntu 20.04 LTS (Focal Fossa): Released (0~20191122.bd85bf54-2ubuntu3.3)
Ubuntu 18.04 LTS (Bionic Beaver): Needed
Ubuntu 16.04 ESM (Xenial Xerus): Ignored (out of standard support)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: https://github.com/tianocore/edk2/pull/830
Upstream: https://github.com/tianocore/edk2/pull/1405
Upstream: https://github.com/tianocore/edk2/pull/830/commits/af48e7719c501df656b9bbb67f17afcf915aaf72
Upstream: https://github.com/tianocore/edk2/pull/830/commits/b85f78967701c2a7a70fb8d1f8d3d27d998bbfcd
Upstream: https://github.com/tianocore/edk2/pull/830/commits/550e3be222966f8341cee08e0ff3e303ee180f79
Upstream: https://github.com/tianocore/edk2/pull/830/commits/de701382bd1ec6ca605e2a2d107b6a5f033bb1a6
Upstream: https://github.com/tianocore/edk2/pull/830/commits/10d48773432a8df8b2c8f3aaab56f064d529f720
Upstream: https://github.com/tianocore/edk2/pull/830/commits/d691e66c411360a4ad1e8207f232b944ea52310a
Upstream: https://github.com/tianocore/edk2/pull/830/commits/62a8616e06848a3cf2332a5b0614d091b645988a
Upstream: https://github.com/tianocore/edk2/pull/830/commits/7ea02619e9930f2f15b2cf6aa8c23345073f4aa4
Upstream: https://github.com/tianocore/edk2/pull/830/commits/b6524d7062f3e22c2c8158cdbf2e8f81b959560b
Upstream: https://github.com/tianocore/edk2/pull/1405/commits/2b8656fd130e719325a63475d1d3fe747cfd31ce