Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-11098

Published: 14 July 2021

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

Priority

Low

Cvss 3 Severity Score

6.8

Score breakdown

Status

Package Release Status
edk2
Launchpad, Ubuntu, Debian 		bionic Needed

focal
Released (0~20191122.bd85bf54-2ubuntu3.3)
groovy Ignored
(reached end-of-life)
hirsute
Released (2020.11-4ubuntu0.1)
impish Not vulnerable
(2021.05-1)
jammy Not vulnerable
(2021.05-1)
kinetic Not vulnerable
(2021.05-1)
lunar Not vulnerable
(2021.05-1)
trusty Does not exist

upstream
Released (2020.11-5)
xenial Needs triage

Patches:
upstream: https://github.com/tianocore/edk2/pull/830
upstream: https://github.com/tianocore/edk2/pull/1405
upstream: https://github.com/tianocore/edk2/pull/830/commits/af48e7719c501df656b9bbb67f17afcf915aaf72
upstream: https://github.com/tianocore/edk2/pull/830/commits/b85f78967701c2a7a70fb8d1f8d3d27d998bbfcd
upstream: https://github.com/tianocore/edk2/pull/830/commits/550e3be222966f8341cee08e0ff3e303ee180f79
upstream: https://github.com/tianocore/edk2/pull/830/commits/de701382bd1ec6ca605e2a2d107b6a5f033bb1a6
upstream: https://github.com/tianocore/edk2/pull/830/commits/10d48773432a8df8b2c8f3aaab56f064d529f720
upstream: https://github.com/tianocore/edk2/pull/830/commits/d691e66c411360a4ad1e8207f232b944ea52310a
upstream: https://github.com/tianocore/edk2/pull/830/commits/62a8616e06848a3cf2332a5b0614d091b645988a
upstream: https://github.com/tianocore/edk2/pull/830/commits/7ea02619e9930f2f15b2cf6aa8c23345073f4aa4
upstream: https://github.com/tianocore/edk2/pull/830/commits/b6524d7062f3e22c2c8158cdbf2e8f81b959560b
upstream: https://github.com/tianocore/edk2/pull/1405/commits/2b8656fd130e719325a63475d1d3fe747cfd31ce

Severity score breakdown

Parameter Value
Base score 6.8
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading