CVE-2019-14586

Опубликовано: 16 фев. 2020

Источник: redhat

CVSS3: 4.6

EPSS Низкий

Описание

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	ovmf	Not affected
Red Hat Enterprise Linux 8	edk2	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1833340edk2: potential use-after-free due to the original configuration runtime memory is freed but it is still exposed to the OS runtime

EPSS

Процентиль: 34%

0.00135

Низкий

4.6 Medium

CVSS3

Связанные уязвимости

CVE-2019-14586

CVSS3: 8

ubuntu

около 5 лет назад

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

CVE-2019-14586

CVSS3: 8

nvd

около 5 лет назад

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

CVE-2019-14586

CVSS3: 8

debian

около 5 лет назад

Use after free vulnerability in EDK II may allow an authenticated user ...

GHSA-ph92-fm2f-7w7p

github

больше 3 лет назад

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

EPSS

Процентиль: 34%

0.00135

Низкий

4.6 Medium

CVSS3