Information on source package edk2

Available versions

| Release | Version |
|---|---|
| jessie/non-free | 0~20131112.2590861a-3 |
| stretch | 0~20161202.7bbe0b3e-1+deb9u2 |
| buster | 0~20181115.85588389-3+deb10u3 |
| bullseye | 2020.11-2+deb11u1 |
| bullseye (security) | 2020.11-2+deb11u2 |
| bookworm | 2022.11-6 |
| bookworm (security) | 2022.11-6+deb12u1 |
| trixie | 2024.02-2 |
| sid | 2024.02-2 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48733 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ub ... |
| CVE-2023-45237 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | EDK2's Network Package is susceptible to a predictable TCP Initial Seq ... |
| CVE-2023-45236 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | EDK2's Network Package is susceptible to a predictable TCP Initial Seq ... |
| CVE-2023-45235 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to a buffer overflow vulnerabili ... |
| CVE-2023-45234 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to a buffer overflow vulnerabili ... |
| CVE-2023-45233 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to an infinite loop vulnerability ... |
| CVE-2023-45232 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to an infinite loop vulnerabilit ... |
| CVE-2023-45231 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to an out-of-bounds read vulner ... |
| CVE-2023-45230 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to a buffer overflow vulnerabili ... |
| CVE-2023-45229 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to an out-of-bounds read vulner ... |
| CVE-2022-36765 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2 is susceptible to a vulnerability in the CreateHob() function, al ... |
| CVE-2022-36764 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() fun ... |
| CVE-2022-36763 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() fu ... |
| CVE-2021-38578 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ... |
| CVE-2021-38577 | vulnerable | vulnerable | unknown | unknown | unknown | unknown | unknown | |
| CVE-2021-38576 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | A BIOS bug in firmware for a particular PC model leaves the Platform a ... |
| CVE-2021-38575 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. |
| CVE-2021-28216 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ... |
| CVE-2021-28213 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ... |
| CVE-2021-28211 | vulnerable | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. |
| CVE-2021-28210 | vulnerable | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | An unlimited recursion in DxeCore in EDK II. |
| CVE-2019-14587 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Logic issue EDK II may allow an unauthenticated user to potentially en ... |
| CVE-2019-14586 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Use after free vulnerability in EDK II may allow an authenticated user ... |
| CVE-2019-14584 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Null pointer dereference in Tianocore EDK2 may allow an authenticated ... |
| CVE-2019-14575 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ... |
| CVE-2019-14563 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Integer truncation in EDK II may allow an authenticated user to potent ... |
| CVE-2019-14562 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Integer overflow in DxeImageVerificationHandler() EDK II may allow an ... |
| CVE-2019-14560 | vulnerable | unknown | unknown | unknown | unknown | unknown | unknown | |
| CVE-2019-14559 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Uncontrolled resource consumption in EDK II may allow an unauthenticat ... |
| CVE-2019-14558 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ... |
| CVE-2019-11098 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Insufficient input validation in MdeModulePkg in EDKII may allow an un ... |
| CVE-2019-0161 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Stack overflow in XHCI for EDK II may allow an unauthenticated user to ... |
| CVE-2019-0160 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Buffer overflow in system firmware for EDK II may allow unauthenticate ... |
| CVE-2018-12183 | vulnerable | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Stack overflow in DxeCore for EDK II may allow an unauthenticated user ... |
| CVE-2018-12181 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Stack overflow in corrupted bmp for EDK II may allow unprivileged user ... |
| CVE-2018-12180 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Buffer overflow in BlockIo service for EDK II may allow an unauthentic ... |
| CVE-2018-12178 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Buffer overflow in network stack for EDK II may allow unprivileged use ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14553 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Improper authentication in EDK II may allow a privileged user to poten ... |
| CVE-2018-12182 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Insufficient memory write check in SMM service for EDK II may allow an ... |
| CVE-2018-12179 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Improper configuration in system firmware for EDK II may allow unauthe ... |
| CVE-2014-4860 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ... |
| CVE-2014-4859 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Integer overflow in the Driver Execution Environment (DXE) phase in the ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-5624-1 | edk2 - security update |
| DLA-2645-1 | edk2 - security update |
