CNNVD-202512-3707 Information
Dec 18, 2025
cve
CNNVD ID
CNNVD-202512-3707
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
EDK2是Tianocore社区的一套基于UEFI和PI规范的跨平台固件开发环境。 EDK2存在安全漏洞,该漏洞源于引导加载程序中加载无效固件时存在内存损坏。
Description (English)
EDK2 is a set of cross-platform solidware development environments based on UEFI and PI norms in the community of Tianocore. There is a security loophole in EDK2, which results from memory damage at the time of loading invalid solids in the guided loading procedure.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
tianocore
Published
2025-12-18
Last Modified
2026-02-24
References
https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html
Patch
https://git.codelinaro.org/clo/la/abl/tianocore/edk2
Share on: