CVE-2018-12182

MEDIUM

EDK II - Privilege Escalation/Info Disclosure/Denial of Service

Title source: llm

Description

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

References (4)

[Patch, Vendor Advisory] https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107648

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/

Scores

CVSS v3 6.7

EPSS 0.0009

EPSS Percentile 26.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-441

Status published

Products (1)

tianocore/edk_ii

Published Mar 27, 2019

Tracked Since Feb 18, 2026