ELSA-2024-12795 - edk2 security update

Type: SECURITY
Impact: MODERATE
Release Date: 2024-10-18

Description


[20240909]
- Create new 20240909 release for OL8 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an attacker may cause a Division-By-Zero due to a UINT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}


Related CVEs


CVE-2023-45236
CVE-2024-1298
CVE-2024-25742
CVE-2023-45237

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 8 (aarch64) | edk2-20240909-2.el8.src.rpm | 8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08 | - | ol8_aarch64_distro_builder |
| | edk2-20240909-2.el8.src.rpm | 8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08 | - | ol8_aarch64_kvm_appstream |
| | edk2-aarch64-20240909-2.el8.noarch.rpm | 80f927e0e613273ab00390daeb3ac4aa85d901e1517e27ec939e8ed144935471 | - | ol8_aarch64_kvm_appstream |
| Oracle Linux 8 (x86_64) | edk2-20240909-2.el8.src.rpm | 8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08 | - | ol8_x86_64_distro_builder |
| | edk2-20240909-2.el8.src.rpm | 8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08 | - | ol8_x86_64_kvm_appstream |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_23.1.20.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_23.1.21.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_23.1.22.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_23.1.23.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_23.1.24.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_24.1.10.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_24.1.6.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_24.1.7.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_24.1.8.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_24.1.9.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_25.1.0.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_25.1.1.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_25.1.2.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | exadata_dbserver_25.1.3.0.0_x86_64_base |
| | edk2-ovmf-20240909-2.el8.noarch.rpm | 8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903 | - | ol8_x86_64_kvm_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
