Packages
- edk2 - UEFI firmware for virtual machines
Details
It was discovered that EDK II was not properly performing bounds checks
in Tianocompress, which could lead to a buffer overflow. An authenticated
user could use this issue to potentially escalate their privileges via
local access. (CVE-2017-5731)
It was discovered that EDK II had an insufficient memory write check in
the SMM service, which could lead to a page fault occurring. An
authenticated user could use this issue to potentially escalate their
privileges, disclose information and/or create a denial of service via
local access. (CVE-2018-12182)
It was discovered that EDK II incorrectly handled memory in DxeCore, which
could lead to a stack overflow. An unauthenticated user could this
issue to potentially escalate their privileges, disclose information
and/or create a denial of service via local access. This issue only
affected Ubuntu 18.04...
It was discovered that EDK II was not properly performing bounds checks
in Tianocompress, which could lead to a buffer overflow. An authenticated
user could use this issue to potentially escalate their privileges via
local access. (CVE-2017-5731)
It was discovered that EDK II had an insufficient memory write check in
the SMM service, which could lead to a page fault occurring. An
authenticated user could use this issue to potentially escalate their
privileges, disclose information and/or create a denial of service via
local access. (CVE-2018-12182)
It was discovered that EDK II incorrectly handled memory in DxeCore, which
could lead to a stack overflow. An unauthenticated user could this
issue to potentially escalate their privileges, disclose information
and/or create a denial of service via local access. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-12183)
It was discovered that EDK II incorrectly handled memory in the
Variable service under certain circumstances. An authenticated user could
use this issue to potentially escalate their privileges, disclose
information and/or create a denial of service via local access.
(CVE-2018-3613)
It was discovered that EDK II incorrectly handled memory in its system
firmware, which could lead to a buffer overflow. An unauthenticated user
could use this issue to potentially escalate their privileges and/or
create a denial of service via network access. This issue only affected
Ubuntu 18.04 LTS. (CVE-2019-0160)
Update instructions
After a standard system update you need to restart the virtual machines that use the affected firmware to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 18.04 bionic | ovmf – 0~20180205.c0d9813c-2ubuntu0.3+esm1 | ||
| qemu-efi – 0~20180205.c0d9813c-2ubuntu0.3+esm1 | |||
| qemu-efi-aarch64 – 0~20180205.c0d9813c-2ubuntu0.3+esm1 | |||
| qemu-efi-arm – 0~20180205.c0d9813c-2ubuntu0.3+esm1 | |||
| 16.04 xenial | ovmf – 0~20160408.ffea0a2c-2ubuntu0.2+esm1 | ||
| qemu-efi – 0~20160408.ffea0a2c-2ubuntu0.2+esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.