CVE-2019-14562

Published: 23 November 2020

Integer overflow in DxeImageVerificationHandler() in EDK II may allow an authenticated user to potentially enable denial of service via local access.

Priority

Low

CVSS 3 base score: 5.5

Status

Package: edk2 (Launchpad, Ubuntu, Debian)

Release and status:
Upstream: Released (2020.05-4)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (2020.08-1)
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable (2020.05-5)
Ubuntu 20.04 LTS (Focal Fossa): Released (0~20191122.bd85bf54-2ubuntu3.1)
Ubuntu 18.04 LTS (Bionic Beaver): Released (0~20180205.c0d9813c-2ubuntu0.3)
Ubuntu 16.04 LTS (Xenial Xerus): Released (0~20160408.ffea0a2c-2ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: https://github.com/tianocore/edk2/commit/503248ccdf45c14d4040ce44163facdc212e4991
Upstream: https://github.com/tianocore/edk2/commit/a7632e913c1c106f436aefd5e76c394249c383a8
Upstream: https://github.com/tianocore/edk2/commit/0b143fa43e92be15d11e22f80773bcb1b2b0608f