CVE-2019-14584
published 2021-06-03CVE-2019-14584: Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | edk2 | < edk2 2020.11-1 (bookworm) | edk2 2020.11-1 (bookworm) |
| msrc | azl3_shim-unsigned-aarch64_15.4-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_shim-unsigned-aarch64_15.8-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_shim-unsigned-x64_15.4-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_shim-unsigned-x64_15.8-5_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| tianocore | edk2 | < 2020-10-21 | 2020-10-21 |
| tianocore | edk2 | >= 0 < 2020.11-1 | 2020.11-1 |
| tianocore | edk2 | >= 0 < 2020.11-1 | 2020.11-1 |
| tianocore | edk2 | >= 0 < 2020.11-1 | 2020.11-1 |
| tianocore | edk2 | >= 0 < 2020.11-1 | 2020.11-1 |
| tianocore | edk2 | >= 0 < 0~20160408.ffea0a2c-2ubuntu0.2 | 0~20160408.ffea0a2c-2ubuntu0.2 |
| tianocore | edk2 | >= 0 < 0~20180205.c0d9813c-2ubuntu0.3 | 0~20180205.c0d9813c-2ubuntu0.3 |
| tianocore | edk2 | >= 0 < 0~20191122.bd85bf54-2ubuntu3.1 | 0~20191122.bd85bf54-2ubuntu3.1 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH