Candidate: CVE-2019-0160
PublicDate: 2019-03-27 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0160
Description:
 Buffer overflow in system firmware for EDK II may allow unauthenticated
 user to potentially enable escalation of privilege and/or denial of service
 via network access.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_edk2:
 upstream: https://github.com/tianocore/edk2/commit/4df8f5bfa28b8b881e506437e8f08d92c1a00370
 upstream: https://github.com/tianocore/edk2/commit/b9ae1705adfdd43668027a25a2b03c2e81960219
 upstream: https://github.com/tianocore/edk2/commit/5c0748f43f4e1cc15fdd0be64a764eacd7df92f6
 upstream: https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5
 upstream: https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca
upstream_edk2: released (0~20181115.85588389-1)
precise/esm_edk2: DNE
trusty_edk2: not-affected (code not present)
trusty/esm_edk2: DNE (trusty was not-affected [code not present])
xenial_edk2: not-affected (code not present)
bionic_edk2: needed
cosmic_edk2: ignored (reached end-of-life)
disco_edk2: not-affected (0~20181115.85588389-2ubuntu1)
eoan_edk2: not-affected (0~20181115.85588389-2ubuntu1)
focal_edk2: not-affected (0~20181115.85588389-2ubuntu1)
groovy_edk2: not-affected (0~20181115.85588389-2ubuntu1)
hirsute_edk2: not-affected (0~20181115.85588389-2ubuntu1)
impish_edk2: not-affected (0~20181115.85588389-2ubuntu1)
jammy_edk2: not-affected (0~20181115.85588389-2ubuntu1)
devel_edk2: not-affected (0~20181115.85588389-2ubuntu1)