Stay Connected:

ELSA-2024-12795

ELSA-2024-12795 - edk2 security update

Type:SECURITY
Severity:MODERATE
Release Date:2024-10-18

Description


[20240909]
- Create new 20240909 release for OL8 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}


Related CVEs


CVE-2023-45236
CVE-2024-1298
CVE-2024-25742
CVE-2023-45237

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) edk2-20240909-2.el8.src.rpm02b2e05a3f8abd6f1cc02d98470114e5-ol8_aarch64_distro_builder
edk2-20240909-2.el8.src.rpm02b2e05a3f8abd6f1cc02d98470114e5-ol8_aarch64_kvm_appstream
edk2-aarch64-20240909-2.el8.noarch.rpmc3a1e4da58e2f0da5951ad624dfcd209-ol8_aarch64_kvm_appstream
Oracle Linux 8 (x86_64) edk2-20240909-2.el8.src.rpm02b2e05a3f8abd6f1cc02d98470114e5-ol8_x86_64_distro_builder
edk2-20240909-2.el8.src.rpm02b2e05a3f8abd6f1cc02d98470114e5-ol8_x86_64_kvm_appstream
edk2-ovmf-20240909-2.el8.noarch.rpm63b7be4bf1d46e7660af1be3c8f9fe0f-ol8_x86_64_kvm_appstream


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights