CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.
References
Link Resource
http://www.kb.cert.org/vuls/id/552286 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:tianocore:edk2:-:*:*:*:*:*:*:*

Information

Published : 2020-01-31 16:15

Updated : 2020-02-07 17:43


NVD link : CVE-2014-4860

Mitre link : CVE-2014-4860


JSON object : View

Products Affected

tianocore

  • edk2
CWE
CWE-190

Integer Overflow or Wraparound