CVE-2021-28210

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EDK II (affected versions not specified)

Description The issue is related to an unlimited recursion in the EDK II UEFI development environment, specifically in DxeCore. This allows an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

ALT-PU-2014-2246

BDU:2022-06898

CESA-2021_4198

CVE-2021-28210

DLA-2645-1

OESA-2021-1251

OPENSUSE-SU-2021:0495-1

OPENSUSE-SU-2021_0495-1

OPENSUSE-SU-2024:11134-1

RHSA-2021:4198

RHSA-2021_4198

SUSE-SU-2021:0972-1

SUSE-SU-2021:0987-1

SUSE-SU-2021:2117-1

SUSE-SU-2021:2161-1

SUSE-SU-2021_0972-1

SUSE-SU-2021_0987-1

SUSE-SU-2021_2161-1

USN-4923-1

USN-7060-1

Affected Products

Alt Linux

Astra Linux

Centos

Edk Ii

Linuxmint

Red Hat

Suse

Ubuntu

CVE-2021-28210

Weakness Enumeration

Related Identifiers

Affected Products

References · 130