A potential use-after-free bug was discovered in edk2. The original configuration runtime memory is freed, but it is still exposed to the OS runtime. Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=1995 Upstream commit: https://github.com/tianocore/edk2/commit/c32be82e99ef272e7fa742c2f06ff9a4c3756613
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1833342] Affects: fedora-all [bug 1833341]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14586