Tianocore Edk Ii
By the Year
In 2024 there have been 0 vulnerabilities in Tianocore Edk Ii . Edk Ii did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 7.30 |
| 2020 | 0 | 0.00 |
| 2019 | 9 | 7.59 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Edk Ii vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tianocore Edk Ii Security Vulnerabilities
BootPerformanceTable pointer is read from an NVRAM variable in PEI
CVE-2021-28216
7.8 - High
- August 05, 2021
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
Release of Invalid Pointer or Reference
Insufficient input validation in MdeModulePkg in EDKII may
CVE-2019-11098
6.8 - Medium
- July 14, 2021
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
Improper Input Validation
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may
CVE-2018-3613
7.8 - High
- March 27, 2019
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Buffer overflow in system firmware for EDK II may
CVE-2019-0160
9.8 - Critical
- March 27, 2019
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
Memory Corruption
Stack overflow in XHCI for EDK II may
CVE-2019-0161
5.5 - Medium
- March 27, 2019
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
Memory Corruption
Buffer overflow in network stack for EDK II may
CVE-2018-12178
9.1 - Critical
- March 27, 2019
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
Buffer Overflow
Improper configuration in system firmware for EDK II may
CVE-2018-12179
7.8 - High
- March 27, 2019
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Buffer overflow in BlockIo service for EDK II may
CVE-2018-12180
8.8 - High
- March 27, 2019
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
Memory Corruption
Stack overflow in corrupted bmp for EDK II may
CVE-2018-12181
6 - Medium
- March 27, 2019
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
Memory Corruption
Insufficient memory write check in SMM service for EDK II may
CVE-2018-12182
6.7 - Medium
- March 27, 2019
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Confused Deputy
Stack overflow in DxeCore for EDK II may
CVE-2018-12183
6.8 - Medium
- March 27, 2019
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tianocore Edk Ii or by Tianocore? Click the Watch button to subscribe.
