Lucene search
F5F5:K15679HistoryOct 09, 2014 - 12:00 a.m.
K15679 : UEFI EDK2 Capsule Update vulnerabilities CVE-2014-4859 / CVE-2014-4860
2014-10-0900:00:00
my.f5.com
43
Security Advisory Description
CVE-2014-4859
During the Drive Execution Environment (DXE) phase of the UEFI boot process, the contents of the capsule image are parsed during processing. An integer overflow vulnerability exists in the capsule processing phase that can cause the allocation of a buffer to be unexpectedly small. As a result, attacker-controlled data can be written past the bounds of the buffer.
CVE-2014-4860
During the Pre-EFI Initialization (PEI) phase of the UEFI boot process, the capsule update is coalesced into its original form. Multiple integer overflow vulnerabilities exist in the coalescing phase that can be used to trigger a write-what-where condition.
Impact
None. No F5 products are affected by these vulnerabilities.
Related
securityvulns
securityvulns
[security bulletin] HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code
2014-08-11 00:00:00
HP desktops and notebooks code execution
2014-08-11 00:00:00
lenovo
lenovo
UEFI EDK2 Capsule Update Vulnerabilities - Lenovo Support US
2016-07-22 00:00:00
UEFI EDK2 Capsule Update Vulnerabilities
2016-07-22 00:00:00
cert
cert
UEFI EDK2 Capsule Update vulnerabilities
2014-08-07 00:00:00
f5
f5
prion
prion
Integer overflow
2020-01-31 16:15:00
Integer overflow
2020-01-31 16:15:00
cve
cve
CVE-2014-4859
2020-01-31 16:15:10
CVE-2014-4860
2020-01-31 16:15:10
nvd
nvd
CVE-2014-4859
2020-01-31 16:15:10
CVE-2014-4860
2020-01-31 16:15:10
cvelist
cvelist
CVE-2014-4859
2020-01-31 15:08:20
CVE-2014-4860
2020-01-31 15:08:16
ubuntucve
ubuntucve
CVE-2014-4859
2020-01-31 00:00:00
CVE-2014-4860
2020-01-31 00:00:00
debiancve
debiancve
CVE-2014-4859
2020-01-31 16:15:10
CVE-2014-4860
2020-01-31 16:15:10
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities-01 (HT205375)
2018-05-15 00:00:00