X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=ShellPkg%2FApplication%2FShell%2FShellManParser.c;fp=ShellPkg%2FApplication%2FShell%2FShellManParser.c;h=4d5a5668aa1560584171a3a40615ccc029f29725;hp=6909f294418befbb5bdb3f290b6a9bc430d0f5e0;hb=c671c9106c52f4bd000ab8857eecd19574c70dbd;hpb=2184ededd36b5221699087a8e084e82ee3b3908a

diff --git a/ShellPkg/Application/Shell/ShellManParser.c b/ShellPkg/Application/Shell/ShellManParser.c
index 6909f29441..4d5a5668aa 100644
--- a/ShellPkg/Application/Shell/ShellManParser.c
+++ b/ShellPkg/Application/Shell/ShellManParser.c
@@ -645,6 +645,15 @@ ProcessManFile(
     DevPath = ShellInfoObject.NewEfiShellProtocol->GetDevicePathFromFilePath(CmdFilePathName);
     Status      = gBS->LoadImage(FALSE, gImageHandle, DevPath, NULL, 0, &CmdFileImgHandle);
     if(EFI_ERROR(Status)) {
+      //
+      // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an ImageHandle was created
+      // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now.
+      // If the caller doesn't have the option to defer the execution of an image, we should
+      // unload image for the EFI_SECURITY_VIOLATION to avoid the resource leak.
+      //
+      if (Status == EFI_SECURITY_VIOLATION) {
+        gBS->UnloadImage (CmdFileImgHandle);
+      }
       *HelpText = NULL;
       goto Done;
     }