Multiple privilege escalation vulnerabilities in the TianoCompress and UEFICompress decompression algorithms may allow an authenticated user to manipulate stack and heap buffers via local access.
Elevation of Privilege
Medium 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
This addresses the following issue in the TianoCore Bugzilla:
https://bugzilla.tianocore.org/show_bug.cgi?id=686
The patch to update the firmware is:
https://bugzilla.tianocore.org/attachment.cgi?id=150
These issues were discovered by multiple parties including Intel and Eclypsium.
CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, and CVE-2017-5735