CVE-2019-14560 - log

CVE-2019-14560 edited at 14 Dec 2020 22:50:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Certificate verification bypass
Description
+ GetEfiGlobalVariable2() is used in some instances when looking up the SecureBoot UEFI variable. The API can fail in certain circumstances, for example, if AllocatePool() fails or if gRT->GetVariable() fails. In the case of secure boot checks, it is critical that this return value is checked. If an attacker can cause the API to fail, it would currently constitute a secure boot bypass. This return value check is missing from DxeImageVerificationHandler.
References
+ https://bugzilla.tianocore.org/show_bug.cgi?id=2167
Notes
CVE-2019-14560 created at 14 Dec 2020 22:47:50