Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Synopsis
Moderate: edk2 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for edk2 is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this u ...
Debian Bug report logs -
#967994
edk2: CVE-2019-14560
Package:
src:edk2;
Maintainer for src:edk2 is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 6 Aug 2020 11:06:01 UTC
Severity: important
Tags: security, upstream
Found in versions edk2/ ...
GetEfiGlobalVariable2() is used in some instances when looking up the SecureBoot UEFI variable The API can fail in certain circumstances, for example, if AllocatePool() fails or if gRT->GetVariable() fails In the case of secure boot checks, it is critical that this return value is checked if an attacker can cause the API to fail, it would cur ...