CVE-2019-14584NULL Pointer Dereference in Edk2

CWE-476NULL Pointer Dereference12 documents9 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 76.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tianocore Edk2
Timeline
PublishedJun 3
Latest updateMay 24

Description

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDtianocore/edk2< 2020-10-21
Debiantianocore/edk2< 2020.11-1+3

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

4
GHSA
GHSA-r5j3-cc22-8xx9: Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access2022-05-24
OSV
CVE-2019-14584: Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access2021-06-03
CVEList
CVE-2019-14584: Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access2021-06-03
OSV
edk2 vulnerabilities2021-01-07

📋Vendor Advisories

4
Microsoft
Null pointer dereference in Tianocore EDK22021-06-08
Ubuntu
EDK II vulnerabilities2021-01-07
Red Hat
edk2: NULL pointer dereference in AuthenticodeVerify()2020-10-16
Debian
CVE-2019-14584: edk2 - Null pointer dereference in Tianocore EDK2 may allow an authenticated user to po...2019

💬Community

3
Bugzilla
CVE-2019-14584 edk2: NULL pointer dereference in AuthenticodeVerify() [fedora-all]2020-10-20
Bugzilla
CVE-2019-14584 edk2: NULL pointer dereference in AuthenticodeVerify() [epel-all]2020-10-20
Bugzilla
CVE-2019-14584 edk2: NULL pointer dereference in AuthenticodeVerify()2020-10-19
CVE-2019-14584 — NULL Pointer Dereference in Edk2 | cvebase