What is the severity of CVE-2019-14587?

The severity of CVE-2019-14587 is medium with a CVSS score of 6.5.

How can an unauthenticated user exploit CVE-2019-14587?

An unauthenticated user can exploit CVE-2019-14587 to potentially enable denial of service through adjacent access.

Which software versions are affected by CVE-2019-14587?

The affected software versions include 0~20180205, 0~20190606.20, 0~20200229.4, 0~20160408, 0~20181115.85588389-3+deb10u3, 2020.11-2+deb11u1, 2022.11-6, 2023.05-2, Tianocore EDK2, and Debian Linux 9.0.

How can I mitigate CVE-2019-14587 on Ubuntu?

To mitigate CVE-2019-14587 on Ubuntu, ensure you have the recommended version of the 'edk2' package installed.

Where can I find more information about CVE-2019-14587?

You can find more information about CVE-2019-14587 on the following references: [Bugzilla](https://bugzilla.tianocore.org/show_bug.cgi?id=1989), [Debian LTS Announce](https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html), [Launchpad](https://launchpad.net/bugs/cve/CVE-2019-14587).

Vulnerability/
CVE-2019-14587

medium

6.5

31/12/2019

1/1/2022

CVE-2019-14587

First published: Tue Dec 31 2019(Updated: )

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Credit: secure@intel.com secure@intel.com

Affected Software	Affected Version	How to fix
Tianocore EDK2
Debian Debian Linux	=9.0
ubuntu/edk2	<0~20180205.	0~20180205.
ubuntu/edk2	<0~20190606.20	0~20190606.20
ubuntu/edk2	<0~20200229.4	0~20200229.4
ubuntu/edk2	<0~20160408.	0~20160408.
debian/edk2		0~20181115.85588389-3+deb10u3 2020.11-2+deb11u1 2020.11-2+deb11u2 2022.11-6 2022.11-6+deb12u1 2024.02-2

Remedy

https://github.com/tianocore/edk2/commit/e36d5ac7d10a6ff5becb0f52fdfd69a1752b0d14

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-4349-1

Frequently Asked Questions

What is the severity of CVE-2019-14587?
The severity of CVE-2019-14587 is medium with a CVSS score of 6.5.
How can an unauthenticated user exploit CVE-2019-14587?
An unauthenticated user can exploit CVE-2019-14587 to potentially enable denial of service through adjacent access.
Which software versions are affected by CVE-2019-14587?
The affected software versions include 0~20180205, 0~20190606.20, 0~20200229.4, 0~20160408, 0~20181115.85588389-3+deb10u3, 2020.11-2+deb11u1, 2022.11-6, 2023.05-2, Tianocore EDK2, and Debian Linux 9.0.
How can I mitigate CVE-2019-14587 on Ubuntu?
To mitigate CVE-2019-14587 on Ubuntu, ensure you have the recommended version of the 'edk2' package installed.
Where can I find more information about CVE-2019-14587?
You can find more information about CVE-2019-14587 on the following references: [Bugzilla](https://bugzilla.tianocore.org/show_bug.cgi?id=1989), [Debian LTS Announce](https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html), [Launchpad](https://launchpad.net/bugs/cve/CVE-2019-14587).

collector/nvd-index
agent/type
agent/last-modified-date
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
agent/remedy
agent/severity
agent/references
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/description
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/tianocore
canonical/tianocore edk2
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
package-manager/debian
package-manager/ubuntu