36. Buffer Overflow in BlockIo service for RAM disk
Description:
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
Impact:
Escalation of Privilege, Information Disclosure and/or Denial of Service
Severity:
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Recommendation:
EDK II Commits:
- https://github.com/tianocore/edk2/commit/fccdb88022c1f6d85c773fce506b10c879063f1d
- https://github.com/tianocore/edk2/commit/38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f
Patch:
Acknowledgments:
Intel Team
References:
CVE-2018-12180
EDK II Bugzilla #1134