Homepage

edk2-ovmf

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the edk2-ovmf package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
NULL Pointer Dereference

<0:20240813-307.amzn2
  • H
CVE-2026-28387

<0:20240813-307.amzn2
  • H
NULL Pointer Dereference

<0:20240813-307.amzn2
  • H
Improper Handling of Missing Special Element

<0:20240813-307.amzn2
  • H
NULL Pointer Dereference

<0:20240813-306.amzn2
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:20240813-306.amzn2
  • H
Out-of-bounds Write

<0:20240813-306.amzn2
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:20240813-306.amzn2
  • H
Improper Validation of Specified Type of Input

<0:20240813-306.amzn2
  • H
Missing Required Cryptographic Step

<0:20240813-306.amzn2
  • H
Incorrect Calculation of Buffer Size

<0:20240813-306.amzn2
  • M
Information Exposure

<0:20240813-305.amzn2
  • M
Improper Input Validation

<0:20240813-305.amzn2
  • M
Out-of-bounds Write

<0:20240813-304.amzn2
  • M
CVE-2024-38805

<0:20240813-303.amzn2
  • H
CVE-2025-3770

<0:20240813-302.amzn2
  • M
Out-of-bounds Read

<0:20240813-301.amzn2
  • L
CVE-2025-2295

<0:20240813-300.amzn2
  • M
Covert Timing Channel

<0:20240813-298.amzn2
  • H
Heap-based Buffer Overflow

<0:20240813-296.amzn2
  • H
Buffer Overflow

<0:20240813-296.amzn2
  • H
CVE-2021-38576

<0:20240813-296.amzn2
  • H
Out-of-bounds Write

<0:20240813-296.amzn2
  • H
Buffer Underflow

<0:20240813-296.amzn2
  • H
Information Exposure

<0:20240813-296.amzn2
  • H
Release of Invalid Pointer or Reference

<0:20240813-296.amzn2
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<0:20240813-296.amzn2
  • M
Information Exposure

<0:20200801stable-1.amzn2.0.8
  • M
Divide By Zero

<0:20200801stable-1.amzn2.0.7
  • M
Resource Exhaustion

<0:20200801stable-1.amzn2.0.6
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:20200801stable-1.amzn2.0.5
  • H
Resource Exhaustion

<0:20200801stable-1.amzn2.0.5
  • H
Resource Exhaustion

<0:20200801stable-1.amzn2.0.5
  • H
Double Free

<0:20200801stable-1.amzn2.0.5
  • H
Improper Certificate Validation

<0:20200801stable-1.amzn2.0.5
  • H
Improper Certificate Validation

<0:20200801stable-1.amzn2.0.5
  • H
Improper Certificate Validation

<0:20200801stable-1.amzn2.0.5
  • H
Integer Overflow or Wraparound

<0:20200801stable-1.amzn2.0.5
  • H
NULL Pointer Dereference

<0:20200801stable-1.amzn2.0.5
  • H
Incorrect Type Conversion or Cast

<0:20200801stable-1.amzn2.0.5
  • H
Missing Required Cryptographic Step

<0:20200801stable-1.amzn2.0.5
  • H
Information Exposure

<0:20200801stable-1.amzn2.0.5
  • H
Use After Free

<0:20200801stable-1.amzn2.0.5
  • H
NULL Pointer Dereference

<0:20200801stable-1.amzn2.0.5
  • H
NULL Pointer Dereference

<0:20200801stable-1.amzn2.0.5
  • H
NULL Pointer Dereference

<0:20200801stable-1.amzn2.0.5
  • H
Arbitrary Command Injection

<0:20200801stable-1.amzn2.0.5
  • H
Excessive Iteration

<0:20200801stable-1.amzn2.0.5
  • H
Out-of-bounds Read

<0:20200801stable-1.amzn2.0.5
  • H
Arbitrary Command Injection

<0:20200801stable-1.amzn2.0.5
  • H
Missing Required Cryptographic Step

<0:20200801stable-1.amzn2.0.5
  • H
Resource Exhaustion

<0:20200801stable-1.amzn2.0.5
  • H
Out-of-Bounds

<0:20200801stable-1.amzn2.0.4
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:20200801stable-1.amzn2.0.4
  • H
Out-of-Bounds

<0:20200801stable-1.amzn2.0.4
  • H
Out-of-bounds Read

<0:20200801stable-1.amzn2.0.4
  • H
Out-of-Bounds

<0:20200801stable-1.amzn2.0.4
  • H
NULL Pointer Dereference

<0:20200801stable-1.amzn2.0.4
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:20200801stable-1.amzn2.0.4
  • H
Out-of-Bounds

<0:20200801stable-1.amzn2.0.4
  • M
Integer Overflow to Buffer Overflow

<0:20200801stable-1.amzn2.0.3
  • M
Integer Overflow to Buffer Overflow

<0:20200801stable-1.amzn2.0.3
  • M
Excessive Iteration

<0:20200801stable-1.amzn2.0.2
  • M
CVE-2019-14587

<0:20200801stable-1.amzn2.0.1
  • M
CVE-2019-14575

<0:20200801stable-1.amzn2.0.1
  • M
Memory Leak

<0:20200801stable-1.amzn2.0.1
  • M
Out-of-bounds Write

<0:20200801stable-1.amzn2.0.1
  • M
Use After Free

<0:20200801stable-1.amzn2.0.1
  • M
CVE-2019-14558

<0:20200801stable-1.amzn2.0.1
  • M
Out-of-bounds Write

<0:20190501stable-2.amzn2.0.1
  • M
Out-of-bounds Write

<0:20190501stable-2.amzn2.0.1
  • M
Unintended Proxy or Intermediary ('Confused Deputy')

<0:20190501stable-2.amzn2.0.1
  • M
CVE-2018-12179

<0:20190501stable-2.amzn2.0.1
  • M
Out-of-bounds Write

<0:20190501stable-2.amzn2.0.1
  • H
Out-of-bounds Write

<0:20190308stable-1.amzn2.0.1
  • H
CVE-2018-3613

<0:20190308stable-1.amzn2.0.1
  • H
Out-of-Bounds

<0:20190308stable-1.amzn2.0.1
  • H
Out-of-bounds Write

<0:20190308stable-1.amzn2.0.1
  • H
Out-of-Bounds

<0:20190308stable-1.amzn2.0.1