Browse all 8 CVE security advisories affecting Extensible Firmware Interface Development Kit (EDK II). AI-powered Chinese analysis, POCs, and references for each vulnerability.
EDK II serves as a primary framework for developing firmware components compliant with the UEFI specification, enabling hardware manufacturers to create standardized, cross-platform firmware solutions. Historically, vulnerabilities in EDK II have frequently involved remote code execution, privilege escalation, and memory corruption flaws due to complex parsing routines and insufficient input validation. The project's 8 recorded CVEs highlight ongoing security challenges, with notable incidents including buffer overflows in firmware modules that could allow attackers to bypass secure boot mechanisms. EDK II's modular architecture, while flexible, introduces multiple attack surfaces requiring rigorous security testing to prevent firmware-level compromises that persist across operating system reloads.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-0161 | XHCI for EDK2 缓冲区错误漏洞 — Extensible Firmware Interface Development Kit (EDK II) | 5.5 | - | 2019-03-27 |
| CVE-2018-12181 | EDK2 缓冲区错误漏洞 — Extensible Firmware Interface Development Kit (EDK II) | 6.0 | - | 2019-03-27 |
| CVE-2018-12180 | EDK2 缓冲区错误漏洞 — Extensible Firmware Interface Development Kit (EDK II) | 9.8 | - | 2019-03-27 |
| CVE-2018-12179 | EDK2 配置错误漏洞 — Extensible Firmware Interface Development Kit (EDK II) | 7.8 | - | 2019-03-27 |
| CVE-2018-12178 | EDK2 安全漏洞 — Extensible Firmware Interface Development Kit (EDK II) | 9.8 | - | 2019-03-27 |
| CVE-2018-12182 | EDK2 安全漏洞 — Extensible Firmware Interface Development Kit (EDK II) | 7.8 | - | 2019-03-27 |
| CVE-2018-12183 | EDK2 缓冲区错误漏洞 — Extensible Firmware Interface Development Kit (EDK II) | 7.8 | - | 2019-03-27 |
| CVE-2018-3613 | EDK2 权限许可和访问控制问题漏洞 — Extensible Firmware Interface Development Kit (EDK II) | 7.8 | - | 2019-03-27 |
This page lists every published CVE security advisory associated with Extensible Firmware Interface Development Kit (EDK II). Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.