Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

TianoCore — Vulnerabilities & Security Advisories 27

Browse all 27 CVE security advisories affecting TianoCore. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TianoCore is an open-source implementation of the Unified Extensible Firmware Interface (UEFI) and Platform Initialization (PI) specifications, primarily serving as the firmware foundation for modern server and desktop hardware. Its core function involves initializing hardware components and launching operating systems before the OS takes control. Historically, vulnerabilities within TianoCore have predominantly involved buffer overflows, integer overflows, and improper input validation, which can lead to remote code execution or privilege escalation during the boot process. These flaws often stem from complex interactions between firmware modules and hardware peripherals. While major public incidents are less frequent than in application software, the critical nature of firmware means that successful exploitation can compromise system integrity at a level deeper than traditional software attacks. The current record of twenty-seven CVEs highlights ongoing challenges in securing low-level code, emphasizing the need for rigorous static analysis and formal verification in firmware development to mitigate risks associated with early-stage system initialization.

Top products by TianoCore: EDK2 EDK II
CVE IDTitleCVSSSeverityPublished
CVE-2025-2296 Un-verified kernel bypass Secure Boot mechanism in direct boot mode — EDK2CWE-20 7.8AIHighAI2025-12-09
CVE-2024-38798 Uncleared password keystrokes in circular queue can lead to information disclosure or escalation of privilege — EDK2CWE-200 7.8AIHighAI2025-12-09
CVE-2024-38805 iSCSI Remote Memory Corruption and Denial of Service — EDK2CWE-190 6.3 Medium2025-08-12
CVE-2025-3770 SMM IDT Privilege Escalation Vulnerability — EDK2CWE-693 7.0 High2025-08-07
CVE-2024-38797 Out-of-bounds Read in HashPeImageByType() — EDK2CWE-125 4.6 Medium2025-04-07
CVE-2025-2295 Potential iSCSI R2T PDU Vulnerability — EDK2CWE-190 3.5 Low2025-03-14
CVE-2024-38796 Integer overflow in PeCoffLoaderRelocateImage — EDK2CWE-122 5.9 Medium2024-09-27
CVE-2024-1298 Integer Overflow caused by divide by zero during S3 suspension — edk2CWE-369 6.0 Medium2024-05-30
CVE-2023-45234 Buffer Overflow in EDK II Network Package — edk2CWE-119 8.3 High2024-01-16
CVE-2023-45233 Infinite loop in EDK II Network Package — edk2CWE-835 7.5 High2024-01-16
CVE-2023-45232 Infinite loop in EDK II Network Package — edk2CWE-835 7.5 High2024-01-16
CVE-2023-45235 Buffer Overflow in EDK II Network Package — edk2CWE-119 8.3 High2024-01-16
CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package — edk2CWE-338 5.3 Medium2024-01-16
CVE-2023-45236 Predictable TCP ISNs in EDK II Network Package — edk2CWE-200 5.8 Medium2024-01-16
CVE-2023-45231 Out-of-Bounds Read in EDK II Network Package — edk2CWE-125 6.5 Medium2024-01-16
CVE-2023-45230 Buffer Overflow in EDK II Network Package — edk2CWE-119 8.3 High2024-01-16
CVE-2023-45229 Out-of-Bounds Read in EDK II Network Package — edk2CWE-125 6.5 Medium2024-01-16
CVE-2022-36765 Integer Overflow in CreateHob — edk2CWE-680 7.0 High2024-01-09
CVE-2022-36764 Heap Buffer Overflow in Tcg2MeasurePeImage — edk2CWE-122 7.0 High2024-01-09
CVE-2022-36763 Heap Buffer Overflow in Tcg2MeasureGptTable — edk2CWE-122 7.0 High2024-01-09
CVE-2021-38578 Tianocore Edk2 缓冲区错误漏洞 — EDK IICWE-124 7.4 High2022-03-03
CVE-2021-38575 Tianocore Edk2 缓冲区错误漏洞 — EDK IICWE-124 8.1 -2021-12-01
CVE-2021-28216 Tianocore Edk2 安全漏洞 — EDK IICWE-587 7.7 -2021-08-05
CVE-2021-28213 TianoCore EDK2 加密问题漏洞 — EDK II 9.1 -2021-06-11
CVE-2021-28211 SUSE ovmf 缓冲区错误漏洞 — EDK IICWE-122 6.7 -2021-06-11
CVE-2021-28210 SUSE ovmf 安全漏洞 — EDK IICWE-674 7.1 -2021-06-11
CVE-2014-8271 Tianocore EDK2 缓冲区错误漏洞 — EDK2 6.8 -2020-02-06

This page lists every published CVE security advisory associated with TianoCore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.