CVE-2014-4859

Summary

Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.

Affected Software

VendorProductVersion RangeStatus
Phoenix Technologies Ltd.SCT3before 5/23/2014affected
American Megatrends Incorporated (AMI)BIOSunknownaffected

Weaknesses

  • Integer Overflow

ADP Enrichment

CVE Program Container

Additional References

References