edk2-ovmf vulnerabilities

Known vulnerabilities in the edk2-ovmf package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Heap-based Buffer Overflow	<0:20240813-296.amzn2
H Buffer Overflow	<0:20240813-296.amzn2
H CVE-2021-38576	<0:20240813-296.amzn2
H Out-of-bounds Write	<0:20240813-296.amzn2
H Buffer Underflow	<0:20240813-296.amzn2
H Information Exposure	<0:20240813-296.amzn2
H Release of Invalid Pointer or Reference	<0:20240813-296.amzn2
H Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<0:20240813-296.amzn2
M Information Exposure	<0:20200801stable-1.amzn2.0.8
M Divide By Zero	<0:20200801stable-1.amzn2.0.7
M Resource Exhaustion	<0:20200801stable-1.amzn2.0.6
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:20200801stable-1.amzn2.0.5
H Resource Exhaustion	<0:20200801stable-1.amzn2.0.5
H Resource Exhaustion	<0:20200801stable-1.amzn2.0.5
H Double Free	<0:20200801stable-1.amzn2.0.5
H Improper Certificate Validation	<0:20200801stable-1.amzn2.0.5
H Improper Certificate Validation	<0:20200801stable-1.amzn2.0.5
H Improper Certificate Validation	<0:20200801stable-1.amzn2.0.5
H Integer Overflow or Wraparound	<0:20200801stable-1.amzn2.0.5
H NULL Pointer Dereference	<0:20200801stable-1.amzn2.0.5
H Incorrect Type Conversion or Cast	<0:20200801stable-1.amzn2.0.5
H Missing Required Cryptographic Step	<0:20200801stable-1.amzn2.0.5
H Information Exposure	<0:20200801stable-1.amzn2.0.5
H Use After Free	<0:20200801stable-1.amzn2.0.5
H NULL Pointer Dereference	<0:20200801stable-1.amzn2.0.5
H NULL Pointer Dereference	<0:20200801stable-1.amzn2.0.5
H NULL Pointer Dereference	<0:20200801stable-1.amzn2.0.5
H Arbitrary Command Injection	<0:20200801stable-1.amzn2.0.5
H Excessive Iteration	<0:20200801stable-1.amzn2.0.5
H Out-of-bounds Read	<0:20200801stable-1.amzn2.0.5
H Arbitrary Command Injection	<0:20200801stable-1.amzn2.0.5
H Missing Required Cryptographic Step	<0:20200801stable-1.amzn2.0.5
H Resource Exhaustion	<0:20200801stable-1.amzn2.0.5
H Out-of-Bounds	<0:20200801stable-1.amzn2.0.4
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:20200801stable-1.amzn2.0.4
H Out-of-Bounds	<0:20200801stable-1.amzn2.0.4
H Out-of-bounds Read	<0:20200801stable-1.amzn2.0.4
H Out-of-Bounds	<0:20200801stable-1.amzn2.0.4
H NULL Pointer Dereference	<0:20200801stable-1.amzn2.0.4
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:20200801stable-1.amzn2.0.4
H Out-of-Bounds	<0:20200801stable-1.amzn2.0.4
M Integer Overflow to Buffer Overflow	<0:20200801stable-1.amzn2.0.3
M Integer Overflow to Buffer Overflow	<0:20200801stable-1.amzn2.0.3
M Excessive Iteration	<0:20200801stable-1.amzn2.0.2
M CVE-2019-14587	<0:20200801stable-1.amzn2.0.1
M CVE-2019-14575	<0:20200801stable-1.amzn2.0.1
M Memory Leak	<0:20200801stable-1.amzn2.0.1
M Out-of-bounds Write	<0:20200801stable-1.amzn2.0.1
M Use After Free	<0:20200801stable-1.amzn2.0.1
M CVE-2019-14558	<0:20200801stable-1.amzn2.0.1
M Out-of-bounds Write	<0:20190501stable-2.amzn2.0.1
M Out-of-bounds Write	<0:20190501stable-2.amzn2.0.1
M Unintended Proxy or Intermediary ('Confused Deputy')	<0:20190501stable-2.amzn2.0.1
M CVE-2018-12179	<0:20190501stable-2.amzn2.0.1
M Out-of-bounds Write	<0:20190501stable-2.amzn2.0.1
H Out-of-bounds Write	<0:20190308stable-1.amzn2.0.1
H CVE-2018-3613	<0:20190308stable-1.amzn2.0.1
H Improper Authentication	<0:20190308stable-1.amzn2.0.1
H Improper Authentication	<0:20190308stable-1.amzn2.0.1
H Out-of-Bounds	<0:20190308stable-1.amzn2.0.1
H Improper Certificate Validation	<0:20190308stable-1.amzn2.0.1
H Improper Authentication	<0:20190308stable-1.amzn2.0.1
H Out-of-bounds Write	<0:20190308stable-1.amzn2.0.1
H Out-of-Bounds	<0:20190308stable-1.amzn2.0.1
H Improper Authentication	<0:20190308stable-1.amzn2.0.1

Vulnerability

Vulnerable Version

Heap-based Buffer Overflow

<0:20240813-296.amzn2

Buffer Overflow

<0:20240813-296.amzn2

CVE-2021-38576

<0:20240813-296.amzn2

Out-of-bounds Write

<0:20240813-296.amzn2

Buffer Underflow

<0:20240813-296.amzn2