ELSA-2024-12795

ULN >
Oracle Linux Errata repository >
ELSA-2024-12795

ELSA-2024-12795 - edk2 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-10-18

Description

[20240909]
- Create new 20240909 release for OL8 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	edk2-20240909-2.el8.src.rpm	8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08	-	ol8_aarch64_distro_builder
	edk2-20240909-2.el8.src.rpm	8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08	-	ol8_aarch64_kvm_appstream
	edk2-aarch64-20240909-2.el8.noarch.rpm	80f927e0e613273ab00390daeb3ac4aa85d901e1517e27ec939e8ed144935471	-	ol8_aarch64_kvm_appstream

Oracle Linux 8 (x86_64)	edk2-20240909-2.el8.src.rpm	8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08	-	ol8_x86_64_distro_builder
	edk2-20240909-2.el8.src.rpm	8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08	-	ol8_x86_64_kvm_appstream
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_23.1.20.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_23.1.21.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_23.1.22.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_23.1.23.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_23.1.24.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_24.1.10.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_24.1.6.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_24.1.7.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_24.1.8.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_24.1.9.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_25.1.0.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_25.1.1.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_25.1.2.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	exadata_dbserver_25.1.3.0.0_x86_64_base
	edk2-ovmf-20240909-2.el8.noarch.rpm	8df61d9b01b4938d797d736e6f3275bed110c410fba176774b92092465df4903	-	ol8_x86_64_kvm_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691