A local authenticated attacker may be able to execute arbitrary code with the privileges of system firmware, potentially allowing for persistent firmware level rootkits, bypassing of Secure Boot, or permanently DoS'ing the platform.
Vulnerability Note VU#552286 - UEFI EDK2 Capsule Update vulnerabilities

https://www.mitre.org/capabilities/c...ege-escalation