CVE-2014-4859

MEDIUM

EDK2 - Integer Overflow in Capsule Update Feature

Title source: llm

Description

Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/552286

Scores

CVSS v3 6.8
EPSS 0.0059
EPSS Percentile 43.7%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190
Status published
Products (1)
tianocore/edk2
Published Jan 31, 2020
Tracked Since Feb 18, 2026