high
7.8
Advisory Published
Updated

CVE-2019-14575

First published: Tue Dec 31 2019(Updated: )

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Credit: secure@intel.com secure@intel.com

Affected SoftwareAffected VersionHow to fix
Tianocore EDK2
Debian Debian Linux=9.0
ubuntu/edk2<0~20180205.
0~20180205.
ubuntu/edk2<0~20190606.20
0~20190606.20
ubuntu/edk2<0~20160408.
0~20160408.
debian/edk2
0~20181115.85588389-3+deb10u3
2020.11-2+deb11u1
2020.11-2+deb11u2
2022.11-6
2022.11-6+deb12u1
2024.02-2

Remedy

https://github.com/tianocore/edk2/commit/fbb96072233b5eaecf4d229cbee47b13dcab39e1

Remedy

https://github.com/tianocore/edk2/commit/c13742b180095e5181e41dffda954581ecbd9b9c

Remedy

https://github.com/tianocore/edk2/commit/9e569700901857d0ba418ebdd30b8086b908688c

Remedy

https://github.com/tianocore/edk2/commit/929d1a24d12822942fd4f9fa83582e27f92de243

Remedy

https://github.com/tianocore/edk2/commit/adc6898366298d1f64b91785e50095527f682758

Remedy

https://github.com/tianocore/edk2/commit/a83dbf008cc73406cbdc0d5ac3164cc19fff6683

Remedy

https://github.com/tianocore/edk2/commit/5cd8be6079ea7e5638903b2f3da0f4c10ec7f1da

Remedy

https://github.com/tianocore/edk2/commit/cb30c8f25162e6d8142c6b098f14c1e4e7f125ce

Remedy

https://github.com/tianocore/edk2/commit/b1c11470598416c89c67b75c991fd0773bcbab9d

Remedy

https://github.com/tianocore/edk2/commit/c230c002accc4281ccc57bba7153a9b2d9b9ccd3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2019-14575?

    CVE-2019-14575 is a logic issue in DxeImageVerificationHandler() for EDK II that may allow an authenticated user to potentially enable escalation of privilege via local access.

  • What is the severity of CVE-2019-14575?

    The severity of CVE-2019-14575 is high with a severity value of 7.8.

  • Which software is affected by CVE-2019-14575?

    The affected software is EDK II, specifically versions 0~20181115.85588389-3+deb10u3, 2020.11-2+deb11u1, 2022.11-6, and 2023.05-2 for Debian, as well as version 0~20180205.0 and 0~20190606.20 for Ubuntu.

  • How can an authenticated user exploit CVE-2019-14575?

    An authenticated user may exploit CVE-2019-14575 by leveraging the logic issue in DxeImageVerificationHandler() for EDK II to potentially enable escalation of privilege via local access.

  • Where can I find more information about CVE-2019-14575?

    More information about CVE-2019-14575 can be found at the following references: [https://bugzilla.tianocore.org/show_bug.cgi?id=1608](https://bugzilla.tianocore.org/show_bug.cgi?id=1608), [https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html](https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html), [https://launchpad.net/bugs/cve/CVE-2019-14575](https://launchpad.net/bugs/cve/CVE-2019-14575).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203