CVE-2014-4860

Name of the Vulnerable Software and Affected Versions EDK2 (affected versions not specified)

Description The issue concerns multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation. This allows physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.