An issue was discovered in edk2. Freed memory was not cleared in some cases, potentially leaking secret information. Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=1611 Upstream commits: https://github.com/tianocore/edk2/commit/764e8ba1389a617639d79d2c4f0d53f4ea4a7387 https://github.com/tianocore/edk2/commit/f1d78c489a39971b5aac5d2fc8a39bfa925c3c5d
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1833349] Affects: fedora-all [bug 1833348]
Marking rhel-7/ovmf and rhel-8/edk2 as notaffected based on https://bugzilla.tianocore.org/show_bug.cgi?id=1611#c9 .
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14558