CVE-2014-4859
6.8
MEDIUM
CVSS 3.1
EPSS 0.06%
Description
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
How to fix CVE-2014-4859
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/edk2—no fix listed
Is CVE-2014-4859 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.8 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |