CVE-2019-14586 — Use After Free in Linux
Severity
8.0HIGHNVD
EPSS
0.1%
top 66.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 23
Latest updateMay 24
Description
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9
Affected Packages1 packages
Also affects: Debian Linux 9.0
🔴Vulnerability Details
3GHSA▶
GHSA-ph92-fm2f-7w7p: Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or de↗2022-05-24
OSV▶
CVE-2019-14586: Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or de↗2020-11-23
CVEList▶
CVE-2019-14586: Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or de↗2020-11-23
📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2019-14586 edk2: potential use-after-free due to the original configuration runtime memory is freed but it is still exposed to the OS runtime [epel-all]↗2020-05-08
Bugzilla▶
CVE-2019-14586 edk2: potential use-after-free due to the original configuration runtime memory is freed but it is still exposed to the OS runtime [fedora-all]↗2020-05-08
Bugzilla▶
CVE-2019-14586 edk2: potential use-after-free due to the original configuration runtime memory is freed but it is still exposed to the OS runtime↗2020-05-08