@dangoodin @matrosov The fact that these seem to have been caught by fuzz tests makes me feel like sometimes there needs to be legal consequences for not doing the bare minimum in software security when it's as critical as EFI. This sounds like negligence.