CVE-2019-14584

Published: 31 December 2019

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
edk2
Launchpad, Ubuntu, Debian
Upstream
Released (2020.11-1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (0~20191122.bd85bf54-2ubuntu3.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (0~20180205.c0d9813c-2ubuntu0.3)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0~20160408.ffea0a2c-2ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10