37. XHCI stack local stack overflow

Description:

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.

Impact:

Denial of Service

Severity:

Medium 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Recommendation:

EDK II Commits:

• https://github.com/tianocore/edk2/commit/acebdf14c985c5c9f50b37ece0b15ada87767359
• https://github.com/tianocore/edk2/commit/72750e3bf9174f15c17e78f0f117b5e7311bb49f

Acknowledgments:

Microsoft

References:

CVE-2019-0161

EDK II Bugzilla #973