{"id":"CVE-2018-3613","details":"Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.","modified":"2026-05-18T05:51:43.689043319Z","published":"2019-03-27T20:29:03.770Z","related":["SUSE-SU-2018:4155-1","SUSE-SU-2018:4194-1","SUSE-SU-2018:4207-1","openSUSE-SU-2024:11134-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"udk2015"}],"vendor_product":"tianocore:edk_ii","source":"CPE_FIELD","cpes":["cpe:2.3:a:tianocore:edk_ii:udk2015:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/"},{"type":"WEB","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2125"},{"type":"FIX","url":"https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tianocore/edk2","events":[{"introduced":"0"},{"last_affected":"324a4c9d7d512f3bf78fe782803d3a8a09c69f73"},{"last_affected":"3e72ffe8afdd03f1f89eba65c921cbdcb004cfee"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"udk2017"},{"last_affected":"udk2018"}],"source":"CPE_FIELD","cpe":["cpe:2.3:a:tianocore:edk_ii:udk2017:*:*:*:*:*:*:*","cpe:2.3:a:tianocore:edk_ii:udk2018:*:*:*:*:*:*:*"]}}],"versions":["vUDK2018","vUDK2017"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-3613.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}