PT-2020-7745 · Intel · Tianocore Edk2
Corey Kallenberg +1 · Published 2020-02-06 · Updated 2020-02-11 · CVE-2014-8271
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Tianocore EDK2 versions prior to SVN 16280
Description
A buffer overflow in the Reclaim function allows physically proximate attackers to gain privileges via a long variable name.
Recommendations
For versions prior to SVN 16280, update to a version after SVN 16280 to resolve the issue. As a temporary workaround, consider restricting access to the Reclaim function to minimize the risk of exploitation.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Tianocore Edk2