ELSA-2024-12793 - edk2 security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2024-10-18 |
Description
[1.7.1]
- Create new 1.7.1 release for OL7 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
|
| Oracle Linux 7 (x86_64) | edk2-1.7.1-3.el7.src.rpm | b53a8e44b623e327e103992af1529f91 | - | ol7_x86_64_kvm_utils |
| OVMF-1.7.1-3.el7.noarch.rpm | d70797211a0526f3d8cfd8bfc71562dd | - | ol7_x86_64_kvm_utils |
