11. Overwrite from FirmwarePerformance Variable

Description:

The FirmwarePerformance variable contained an address used to store performance statistics without checking the validity of the target location.

Recommendation:

This is addressed by EDK2 SVN https://sourceforge.net/p/edk2/code/14369.

Acknowledgments:

Reported by the Advanced Threat Research Team at Intel Security.