Vulnerabilities > CVE-2019-14586 - Use After Free vulnerability in multiple products

047910
CVSS 5.2 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
low complexity
tianocore
debian
CWE-416
nessus
NVD
Published: 2020-11-23
Updated: 2022-01-01

Summary

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

Vulnerable Configurations

Part Description Count
Application
Tianocore
1
OS
Debian
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyUbuntu Local Security Checks
NASL idUBUNTU_USN-4349-1.NASL
descriptionA buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12178) A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12180) A stack overflow was discovered in bmp. An unprivileged user could potentially enable denial of service or elevation of privilege via local access. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12181) It was discovered that memory was not cleared before free that could lead to potential password leak. (CVE-2019-14558) A memory leak was discovered in ArpOnFrameRcvdDpc. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2019-14559) An integer overflow was discovered in MdeModulePkg/PiDxeS3BootScriptLib. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2019-14563) It was discovered that the affected version doesn
last seen2020-05-08
modified2020-05-01
plugin id136282
published2020-05-01
reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/136282
titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : edk2 vulnerabilities (USN-4349-1)

References