CVE-2021-28216

Name of the Vulnerable Software and Affected Versions EDK2 (affected versions not specified)

Description The issue is related to the function FpdtStatusCodeListenerPei() in the open-source UEFI EDK2 development environment. It involves the release of an incorrect pointer, which can be exploited by an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service. The BootPerformanceTable pointer is read from an NVRAM variable in PEI.

Recommendations For EDK2, set PcdFirmwarePerformanceDataTableS3Support to FALSE to mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.