Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2019-14562)
It was discovered that EDK II incorrectly parsed signed PKCS #7 data. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-14584)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "0~20180205.c0d9813c-2ubuntu0.3", "binary_name": "ovmf" }, { "binary_version": "0~20180205.c0d9813c-2ubuntu0.3", "binary_name": "qemu-efi" }, { "binary_version": "0~20180205.c0d9813c-2ubuntu0.3", "binary_name": "qemu-efi-aarch64" }, { "binary_version": "0~20180205.c0d9813c-2ubuntu0.3", "binary_name": "qemu-efi-arm" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "0~20191122.bd85bf54-2ubuntu3.1", "binary_name": "ovmf" }, { "binary_version": "0~20191122.bd85bf54-2ubuntu3.1", "binary_name": "qemu-efi" }, { "binary_version": "0~20191122.bd85bf54-2ubuntu3.1", "binary_name": "qemu-efi-aarch64" }, { "binary_version": "0~20191122.bd85bf54-2ubuntu3.1", "binary_name": "qemu-efi-arm" } ] }