Bug 1858038 (CVE-2019-14560)
Summary: | CVE-2019-14560 edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler() | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | berrange, crobinso, kraxel, pbonzini, virt-maint, virt-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1858039, 1858040, 1861743, 1861744, 1910520 | | |
Bug Blocks: | 1858041 | | |

Description
Pedro Sampaio
2020-07-16 20:59:41 UTC
Created edk2 tracking bugs for this issue:

Affects: epel-all [bug 1858039]
Affects: fedora-all [bug 1858040]

Proposed patch:

https://bugzilla.tianocore.org/attachment.cgi?id=405&action=diff

In function DxeImageVerificationHandler() there is a call to GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, ...) but the return value is not checked. If an attacker is able to cause the API to fail it would allow him to bypass secure boot.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2023:6330 https://access.redhat.com/errata/RHSA-2023:6330

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2023:6919 https://access.redhat.com/errata/RHSA-2023:6919

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0408 https://access.redhat.com/errata/RHSA-2024:0408

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1415 https://access.redhat.com/errata/RHSA-2024:1415
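
The fail-open pattern the description reports, next to a fail-closed variant, as an added example: this is a simplified model written for this page, not edk2 source and not the proposed patch. All names (`read_mode`, `verify_unchecked`, `verify_checked`, the status codes) are hypothetical, and treating a missing value as "mode not enabled" is an assumption of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, none is edk2 source. */
typedef enum { ST_OK, ST_NOT_FOUND, ST_DEVICE_ERROR } status_t;
typedef enum { VERDICT_ALLOW, VERDICT_DENY } verdict_t;

/* Stand-in for the variable read: `fault` simulates the API failing. */
static status_t read_mode(status_t fault, uint8_t stored, const uint8_t **out) {
    static uint8_t slot;
    *out = NULL;
    if (fault != ST_OK) return fault;
    slot = stored;
    *out = &slot;
    return ST_OK;
}

/* Unchecked: the status is dropped, so a failed read is indistinguishable
 * from "mode not enabled" (assumed handling) and verification is skipped. */
verdict_t verify_unchecked(status_t fault, uint8_t mode, int sig_valid) {
    const uint8_t *sb = NULL;
    (void)read_mode(fault, mode, &sb);
    if (sb == NULL || *sb == 0) return VERDICT_ALLOW;
    return sig_valid ? VERDICT_ALLOW : VERDICT_DENY;
}

/* Checked: only a definite "variable absent" or an explicit 0 skips
 * verification (assumed policy); any other failure denies the image. */
verdict_t verify_checked(status_t fault, uint8_t mode, int sig_valid) {
    const uint8_t *sb = NULL;
    status_t st = read_mode(fault, mode, &sb);
    if (st == ST_NOT_FOUND) return VERDICT_ALLOW;
    if (st != ST_OK || sb == NULL) return VERDICT_DENY;
    if (*sb == 0) return VERDICT_ALLOW;
    return sig_valid ? VERDICT_ALLOW : VERDICT_DENY;
}

int main(void) {
    /* Constructed case: mode enabled, image unsigned, read fails. */
    printf("unchecked: %s\n", verify_unchecked(ST_DEVICE_ERROR, 1, 0) == VERDICT_ALLOW ? "allow" : "deny");
    printf("checked:   %s\n", verify_checked(ST_DEVICE_ERROR, 1, 0) == VERDICT_ALLOW ? "allow" : "deny");
    return 0;
}
```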