31. EDK II TianoCompress Bounds Checking Issues
Multiple privilege escalation vulnerabilities in TianoCompress and UEFICompress decompression algorithm may allow authenticated user to potentially manipulate stack and heap buffers via local access.
Elevation of Privilege
Medium 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
This addresses the following issue in Tianocore Bugzilla:
The patch to update firmware is:
These issues were discovered by multiple parties including Intel and Eclypsium.
CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, and CVE-2017-5735