CVE-2018-12181 - Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial

CVE-2018-12181

Summary

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

References

Vulnerable Configurations

cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*
cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*

CVSS

Base:	3.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2019:2125
rhsa
id RHSA-2019:3338

rpms

OVMF-0:20180508-6.gitee3198e672e2.el7
edk2-aarch64-0:20190308git89910a39dcfd-6.el8
edk2-ovmf-0:20190308git89910a39dcfd-6.el8

refmap via4

confirm	https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us
fedora	FEDORA-2019-bff1cbaba3
suse	openSUSE-SU-2019:1139 openSUSE-SU-2019:1172
ubuntu	USN-4349-1

Last major update

24-08-2020 - 17:37

Published

27-03-2019 - 20:29

Last modified

24-08-2020 - 17:37