Stay Connected:

ELSA-2024-12794

ELSA-2024-12794 - edk2 security update

Type:SECURITY
Severity:MODERATE
Release Date:2024-10-18

Description


[1.7.1]
- Create new 1.7.1 release for OL7 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}


Related CVEs


CVE-2024-1298
CVE-2024-25742
CVE-2023-45236
CVE-2023-45237

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 7 (aarch64) edk2-1.7.1-3.el7.src.rpmb53a8e44b623e327e103992af1529f91-ol7_aarch64_latest
edk2-1.7.1-3.el7.src.rpmb53a8e44b623e327e103992af1529f91-ol7_aarch64_optional_latest
edk2-1.7.1-3.el7.src.rpmb53a8e44b623e327e103992af1529f91-ol7_aarch64_u9_patch
AAVMF-1.7.1-3.el7.noarch.rpmd41ebf60d06aede159241dade4e5e35e-ol7_aarch64_latest
AAVMF-1.7.1-3.el7.noarch.rpmd41ebf60d06aede159241dade4e5e35e-ol7_aarch64_u9_patch
Oracle Linux 7 (x86_64) edk2-1.7.1-3.el7.src.rpmb53a8e44b623e327e103992af1529f91-ol7_x86_64_kvm_utils


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights