CVE-2019-14560

Source
Severity Medium
Remote No
Type Certificate verification bypass
Description
GetEfiGlobalVariable2() is used in some instances when looking up the SecureBoot UEFI variable. The API can fail in certain circumstances, for example if AllocatePool() fails or if gRT->GetVariable() fails. For Secure Boot checks, it is critical that this return value is checked: if an attacker can cause the API to fail, the failure would currently constitute a Secure Boot bypass. This return value check is missing from DxeImageVerificationHandler.
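The fail-open pattern described above, next to a fail-closed form, as an added self-contained C model (not edk2 code and not the upstream fix). The status codes, mock_get_secure_boot() and both handler functions are hypothetical stand-ins, and treating "variable not found" as "Secure Boot not configured" is an assumed policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for UEFI status codes; not the edk2 definitions. */
typedef enum { ST_SUCCESS, ST_NOT_FOUND, ST_OUT_OF_RESOURCES, ST_DEVICE_ERROR } status_t;
typedef enum { IMAGE_ALLOW, IMAGE_VERIFY, IMAGE_DENY } decision_t;

/* Hypothetical model of the variable lookup: on any failure *value stays NULL. */
static status_t mock_get_secure_boot(status_t simulated, uint8_t stored, uint8_t **value) {
    static uint8_t buf;
    *value = NULL;
    if (simulated != ST_SUCCESS) return simulated;
    buf = stored;
    *value = &buf;
    return ST_SUCCESS;
}

/* Fail-open: the status is discarded, so an allocation or read failure is
 * indistinguishable from "Secure Boot is off" and verification is skipped. */
decision_t handler_unchecked(status_t simulated, uint8_t stored) {
    uint8_t *sb = NULL;
    (void)mock_get_secure_boot(simulated, stored, &sb);
    if (sb == NULL || *sb == 0) return IMAGE_ALLOW;
    return IMAGE_VERIFY;
}

/* Fail-closed: only a successful read of 0, or a definite "not found"
 * (assumed policy), skips verification; every other failure denies. */
decision_t handler_checked(status_t simulated, uint8_t stored) {
    uint8_t *sb = NULL;
    status_t st = mock_get_secure_boot(simulated, stored, &sb);
    if (st == ST_NOT_FOUND) return IMAGE_ALLOW;
    if (st != ST_SUCCESS || sb == NULL) return IMAGE_DENY;
    return (*sb == 0) ? IMAGE_ALLOW : IMAGE_VERIFY;
}

int main(void) {
    static const char *names[] = { "ALLOW", "VERIFY", "DENY" };
    /* Secure Boot is enabled (stored = 1) but the lookup fails. */
    printf("unchecked: %s\n", names[handler_unchecked(ST_OUT_OF_RESOURCES, 1)]);
    printf("checked:   %s\n", names[handler_checked(ST_OUT_OF_RESOURCES, 1)]);
    return 0;
}
```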
Group     Package     Affected  Fixed  Severity  Status      Ticket
AVG-1360  edk2-shell  202111-4  -      Medium    Vulnerable  -
References
https://bugzilla.tianocore.org/show_bug.cgi?id=2167