Fluid Attacks Database

Description

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	OVMF	<0:20180508-6.gitee3198e672e2.el7	0:20180508-6.gitee3198e672e2.el7

Aliases

1. CVE-2018-36132. NVD-2018-36133. OSV-2018-3613

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.