CoreUnloadAndCloseImage() unconditionally calls UnprotectUefiImage()[1], which unconditionally calls SetUefiImageMemoryAttributes()[2], which has a precondition that CpuDxe has loaded[3]. When an image is loaded and unloaded before CpuDxe is ready (e.g. returns an error code from the entry point), this may cause a NULL dereference.

[1] https://github.com/tianocore/edk2/blob/2072c22a0d63c780b0cc6377f6d4ffb116ad6144/MdeModulePkg/Core/Dxe/Image/Image.c#L936
[2] https://github.com/tianocore/edk2/blob/2072c22a0d63c780b0cc6377f6d4ffb116ad6144/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c#L613
[3] https://github.com/tianocore/edk2/blob/2072c22a0d63c780b0cc6377f6d4ffb116ad6144/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c#L225
Marvin, you can continue to provide the proposal.
Sorry, I must have accidentally run into the issue on an old version of EDK II or something, it is not reproducible on the latest master, and my explanation was actually flawed because image protection aborts early pre-CpuDxe [1]. I'm very sorry for the confusion.

[1] https://github.com/tianocore/edk2/blob/2072c22a0d63c780b0cc6377f6d4ffb116ad6144/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c#L405-L407
Closing as INVALID per comment 2; please revert if I'm mistaken. Thank you.