Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 797232 (CVE-2019-14584) - <sys-firmware/edk2-ovmf-202105: privilege escalation with local access (CVE-2019-14584)
Summary: <sys-firmware/edk2-ovmf-202105: privilege escalation with local access (CVE-2...
Alias: CVE-2019-14584
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: ?? [glsa? cleanup]
Depends on: 801925 814122
Blocks: CVE-2021-28211
  Show dependency tree
Reported: 2021-06-20 23:20 UTC by John Helmert III
Modified: 2021-10-09 19:51 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-06-20 23:20:35 UTC
CVE-2019-14584 (

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Patch (in 202105):
Comment 1 Larry the Git Cow gentoo-dev 2021-06-26 22:23:57 UTC
The bug has been referenced in the following commit(s):

commit 944a1bda9e2a0614e3a176588bb57477813e43dd
Author:     Matthias Maier <>
AuthorDate: 2021-06-26 22:16:40 +0000
Commit:     Matthias Maier <>
CommitDate: 2021-06-26 22:23:52 +0000

    sys-firmware/edk2-ovmf: version bump to 202105
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Matthias Maier <>

 sys-firmware/edk2-ovmf/Manifest                |   3 +
 sys-firmware/edk2-ovmf/edk2-ovmf-202105.ebuild | 173 +++++++++++++++++++++++++
 2 files changed, 176 insertions(+)
Comment 2 Matthias Maier gentoo-dev 2021-06-26 22:27:06 UTC
202105 is now in tree. Let's postpone stabiliziation and cleanup for a bit to get some testing in.
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:21:38 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:29:47 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:37:45 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 17:45:51 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 17:53:54 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:01:49 UTC Comment hidden (obsolete)
Comment 9 NATTkA bot gentoo-dev 2021-07-29 18:10:09 UTC Comment hidden (obsolete)
Comment 10 Sam James archtester gentoo-dev Security 2021-08-10 04:45:18 UTC
Throwing in QEMU because it needs the same firmware.
Comment 11 NATTkA bot gentoo-dev 2021-09-07 17:40:41 UTC Comment hidden (obsolete)
Comment 12 NATTkA bot gentoo-dev 2021-09-08 19:44:39 UTC Comment hidden (obsolete)
Comment 13 NATTkA bot gentoo-dev 2021-09-20 20:36:39 UTC
Resetting sanity check; package list is empty or all packages are done.
Comment 14 John Helmert III gentoo-dev Security 2021-10-09 19:51:14 UTC
Please cleanup.