{"id":"CVE-2019-11098","details":"Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.","modified":"2026-03-12T22:57:53.434932Z","published":"2021-07-14T14:15:07.937Z","related":["SUSE-SU-2023:0004-1","SUSE-SU-2023:0036-1"],"references":[{"type":"ADVISORY","url":"https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11098.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}