38. SW SMI Confused Deputy SmramSaveState.c
Description:
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Impact:
Escalation of Privilege, Information Disclosure and/or Denial of Service
Severity:
High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Recommendation:
Patch:
Acknowledgments:
Intel Team
References:
CVE-2018-12182
EDK II Bugzilla #1136