Bugzilla – Bug 1131360
VUL-0: CVE-2018-12179: ovmf,OVMF: edk2: improper configuration insystem firmware leads to privilege escalation
Last modified: 2019-04-11 04:45:41 UTC
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
This vulnerability is about the driver of TCG Opal, a.k.a. Self-Encrypting Disk. AFAIK, qemu doesn't support SED, so we don't need the patch.
Bruce, could you confirm that?
(In reply to Gary Ching-Pang Lin from comment #1)
> This vulnerability is about the driver of TCG Opal, a.k.a. Self-Encrypting
> Disk. AFAIK, qemu doesn't support SED, so we don't need the patch.
> Bruce, could you confirm that?
Correct, qemu does not deal with SED at all.
Then we don't need the patch.