Bugzilla – Bug 1174246
VUL-0: CVE-2019-14560: ovmf: improper check of GetEfiGlobalVariable2() return can potentially lead to to secure boot bypass
Last modified: 2022-10-17 08:58:18 UTC
A flaw was found in edk2. Function GetEfiGlobalVariable2() return value is not checked possibly leading to secure boot bypass if an attacker
can cause the API to fail.
Tracked as affected all codestreams that are:
SLE15 and SLE15-SP2
Although a patch was proposed in edk2 upstream bugzilla, but the developer never sent the patch for review so there is no fix merged into edk2 git now...