Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. (CVE-2021-28210)
Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-28211)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "0~20191122.bd85bf54-2ubuntu3.2", "binary_name": "ovmf" }, { "binary_version": "0~20191122.bd85bf54-2ubuntu3.2", "binary_name": "qemu-efi" }, { "binary_version": "0~20191122.bd85bf54-2ubuntu3.2", "binary_name": "qemu-efi-aarch64" }, { "binary_version": "0~20191122.bd85bf54-2ubuntu3.2", "binary_name": "qemu-efi-arm" } ] }