CVE-2019-14584
edk2: NULL pointer dereference in AuthenticodeVerify()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
La desviaciĆ³n del puntero null en Tianocore EDK2 puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de acceso local
Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that EDK II incorrectly parsed signed PKCS #7 data. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-03 CVE Reserved
- 2021-01-07 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1889486 | 2021-06-11 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2019-14584 | 2021-11-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tianocore Search vendor "Tianocore" | Edk2 Search vendor "Tianocore" for product "Edk2" | < 2020-10-21 Search vendor "Tianocore" for product "Edk2" and version " < 2020-10-21" | - |
Affected
| ||||||