vulnerability
Oracle Linux: CVE-2018-12181: ELSA-2019-4668: edk2 security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Mar 7, 2019 | Jun 7, 2019 | Jan 7, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 7, 2019
Added
Jun 7, 2019
Modified
Jan 7, 2025
Description
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16(2^4) or 256(2^8) colors.
A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16(2^4) or 256(2^8) colors.
Solution(s)
oracle-linux-upgrade-aavmforacle-linux-upgrade-edk2-aarch64oracle-linux-upgrade-edk2-ovmforacle-linux-upgrade-ovmf

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.