CVE-2019-14575 — Incorrect Authorization in Linux

CWE-863 — Incorrect Authorization10 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 81.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tianocore Edk2 Debian Linux

Timeline

PublishedNov 23

Latest updateMay 24

Description

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶Debiantianocore/edk2< 0~20200229.4c0f6e34-1+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-jg74-g2r7-p8mf: Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access↗2022-05-24

▶

OSV

CVE-2019-14575: Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access↗2020-11-23

▶

CVEList

CVE-2019-14575: Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access↗2020-11-23

▶

📋Vendor Advisories

Ubuntu

EDK II vulnerabilities↗2020-04-30

▶

Red Hat

edk2: DxeImageVerificationHandler() fails open in case of dbx signature check↗2020-02-05

▶

Debian

CVE-2019-14575: edk2 - Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticat...↗2019

▶

💬Community

Bugzilla

CVE-2019-14575 edk2: DxeImageVerificationHandler() fails open in case of dbx signature check [epel-all]↗2020-02-10

▶

Bugzilla

CVE-2019-14575 edk2: DxeImageVerificationHandler() fails open in case of dbx signature check [fedora-all]↗2020-02-10

▶

Bugzilla

CVE-2019-14575 edk2: DxeImageVerificationHandler() fails open in case of dbx signature check↗2019-08-02

▶