CVE-2019-14575

Published: 31 December 2019

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
edk2
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable (2020.05-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (0~20191122.bd85bf54-2ubuntu3)
Ubuntu 18.04 LTS (Bionic Beaver) Released (0~20180205.c0d9813c-2ubuntu0.2)
Ubuntu 16.04 LTS (Xenial Xerus) Released (0~20160408.ffea0a2c-2ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

Patches:
Upstream: https://github.com/tianocore/edk2/commit/fbb96072233b5eaecf4d229cbee47b13dcab39e1
Upstream: https://github.com/tianocore/edk2/commit/c13742b180095e5181e41dffda954581ecbd9b9c
Upstream: https://github.com/tianocore/edk2/commit/9e569700901857d0ba418ebdd30b8086b908688c
Upstream: https://github.com/tianocore/edk2/commit/929d1a24d12822942fd4f9fa83582e27f92de243
Upstream: https://github.com/tianocore/edk2/commit/adc6898366298d1f64b91785e50095527f682758
Upstream: https://github.com/tianocore/edk2/commit/a83dbf008cc73406cbdc0d5ac3164cc19fff6683
Upstream: https://github.com/tianocore/edk2/commit/5cd8be6079ea7e5638903b2f3da0f4c10ec7f1da
Upstream: https://github.com/tianocore/edk2/commit/cb30c8f25162e6d8142c6b098f14c1e4e7f125ce
Upstream: https://github.com/tianocore/edk2/commit/b1c11470598416c89c67b75c991fd0773bcbab9d
Upstream: https://github.com/tianocore/edk2/commit/c230c002accc4281ccc57bba7153a9b2d9b9ccd3