CVE-2019-14587 β€” Use After Free in Linux

CWE-416 β€” Use After Free10 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 59.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tianocore Edk2Debian Linux
Timeline
PublishedNov 23
Latest updateMay 24

Description

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

β–ΆDebiantianocore/edk2< 0~20200229.4c0f6e34-1+3

Also affects: Debian Linux 9.0

πŸ”΄Vulnerability Details

3
GHSA
GHSA-5732-xrx9-2xhf: Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access↗2022-05-24
β–Ά
OSV
CVE-2019-14587: Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access↗2020-11-23
β–Ά
CVEList
CVE-2019-14587: Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access↗2020-11-23
β–Ά

πŸ“‹Vendor Advisories

3
Ubuntu
EDK II vulnerabilities↗2020-04-30
β–Ά
Red Hat
edk2: double-unmap issue in SdMmcCreateTrb function in MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c↗2020-02-16
β–Ά
Debian
CVE-2019-14587: edk2 - Logic issue EDK II may allow an unauthenticated user to potentially enable denia...β†—2019
β–Ά

πŸ’¬Community

3
Bugzilla
CVE-2019-14587 edk2: double-unmap issue in SdMmcCreateTrb function in MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c [epel-all]β†—2020-05-08
β–Ά
Bugzilla
CVE-2019-14587 edk2: double-unmap issue in SdMmcCreateTrb function in MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c↗2020-05-08
β–Ά
Bugzilla
CVE-2019-14587 edk2: double-unmap issue in SdMmcCreateTrb function in MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c [fedora-all]β†—2020-05-08
β–Ά
CVE-2019-14587 β€” Use After Free in Debian Linux | cvebase