All the vulnerabilites related to American Megatrends Incorporated (AMI) - BIOS
cve-2014-4860
Vulnerability from cvelistv5
Published
2020-01-31 15:08
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/552286 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/552286"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCT3",
"vendor": "Phoenix Technologies Ltd.",
"versions": [
{
"status": "affected",
"version": "before 5/23/2014"
}
]
},
{
"product": "BIOS",
"vendor": "American Megatrends Incorporated (AMI)",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"datePublic": "2014-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T15:08:16",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/552286"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCT3",
"version": {
"version_data": [
{
"version_value": "before 5/23/2014"
}
]
}
}
]
},
"vendor_name": "Phoenix Technologies Ltd."
},
{
"product": {
"product_data": [
{
"product_name": "BIOS",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "American Megatrends Incorporated (AMI)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/552286",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/552286"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4860",
"datePublished": "2020-01-31T15:08:16",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4859
Vulnerability from cvelistv5
Published
2020-01-31 15:08
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/552286 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/552286"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCT3",
"vendor": "Phoenix Technologies Ltd.",
"versions": [
{
"status": "affected",
"version": "before 5/23/2014"
}
]
},
{
"product": "BIOS",
"vendor": "American Megatrends Incorporated (AMI)",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"datePublic": "2014-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T15:08:20",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/552286"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCT3",
"version": {
"version_data": [
{
"version_value": "before 5/23/2014"
}
]
}
}
]
},
"vendor_name": "Phoenix Technologies Ltd."
},
{
"product": {
"product_data": [
{
"product_name": "BIOS",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "American Megatrends Incorporated (AMI)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/552286",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/552286"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4859",
"datePublished": "2020-01-31T15:08:20",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}