CVE-2014-4860

Priority
Description
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase
in the Capsule Update feature in the UEFI implementation in EDK2 allow
physically proximate attackers to bypass intended access restrictions by
providing crafted data that is not properly handled during the coalescing
phase.
Notes
Package
Source: edk2 (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
More Information

Updated: 2020-07-28 19:52:24 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)