2 new Tianocore/EDK2 security advisories

Tianocore Security Advisories has 2 new UEFI vulnerabilities:

https://edk2-docs.gitbooks.io/security-advisory/content/

30. EDK II Authenticated Variable Bypass
Logic error in MdeModulePkg in EDK II firmware may allow authenticated user to potentially bypass configuration access controls and escalate privileges via local access.
https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html

31. EDK II TianoCompress Bounds Checking Issues: Multiple privilege escalation vulnerabilities in TianoCompress and UEFICompress decompression algorithm may allow authenticated user to potentially manipulate stack and heap buffers via local access.

https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s