CVE-2014-4860
MEDIUMEDK2 - Integer Overflow in Capsule Update PEI Boot Phase
Title source: llmDescription
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/552286
Scores
CVSS v3
6.8
EPSS
0.0050
EPSS Percentile
39.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (1)
tianocore/edk2
Published
Jan 31, 2020
Tracked Since
Feb 18, 2026