{
  "threat_severity" : "Moderate",
  "public_date" : "2020-11-19T00:00:00Z",
  "bugzilla" : {
    "description" : "edk2: unlimited FV recursion, round 2",
    "id" : "1883552",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1883552"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-674",
  "details" : [ "An unlimited recursion in DxeCore in EDK II.", "A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-11-09T00:00:00Z",
    "advisory" : "RHSA-2021:4198",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "edk2-0:20210527gite1999b264f1f-3.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ovmf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "edk2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-28210\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-28210" ],
  "name" : "CVE-2021-28210",
  "csaw" : false
}