ELSA-2024-12793 - edk2 security update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2024-10-18 |
Description
[1.7.1]
- Create new 1.7.1 release for OL7 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle Linux 7 (aarch64) | edk2-1.7.1-3.el7.src.rpm | 3799049fc9c00b97a54305faf3f9afab5947f32af9c026086f5deafb7b1d2357 | - | ol7_aarch64_developer_kvm_utils |
| edk2-1.7.1-3.el7.src.rpm | 3799049fc9c00b97a54305faf3f9afab5947f32af9c026086f5deafb7b1d2357 | - | ol7_aarch64_latest |
| edk2-1.7.1-3.el7.src.rpm | 3799049fc9c00b97a54305faf3f9afab5947f32af9c026086f5deafb7b1d2357 | - | ol7_aarch64_optional_latest |
| edk2-1.7.1-3.el7.src.rpm | 3799049fc9c00b97a54305faf3f9afab5947f32af9c026086f5deafb7b1d2357 | - | ol7_aarch64_u9_patch |
|
| Oracle Linux 7 (x86_64) | edk2-1.7.1-3.el7.src.rpm | 3799049fc9c00b97a54305faf3f9afab5947f32af9c026086f5deafb7b1d2357 | - | ol7_x86_64_developer_kvm_utils |
| edk2-1.7.1-3.el7.src.rpm | 3799049fc9c00b97a54305faf3f9afab5947f32af9c026086f5deafb7b1d2357 | - | ol7_x86_64_kvm_utils |
| OVMF-1.7.1-3.el7.noarch.rpm | 7ef3e623cc47564d3ab9b9fa2e4edca394cc8197e6065de7126cebec77d59eff | - | ol7_x86_64_kvm_utils |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
