ELSA-2024-28600
- ULN >
- Oracle Linux Errata repository >
- ELSA-2024-28600
ELSA-2024-28600 - edk2 security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2024-10-18 |
Description
[20240909-2]
- Create new 20240909 release for OL8 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}
Related CVEs
| CVE-2023-45237 |
| CVE-2024-1298 |
| CVE-2023-45236 |
| CVE-2024-25742 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | edk2-20240909-2.el8.src.rpm | 02b2e05a3f8abd6f1cc02d98470114e5 | - | ol8_aarch64_distro_builder |
| edk2-tools-20240909-2.el8.aarch64.rpm | 0ca3eacda814cb11ecf8604789ee9fa5 | - | ol8_aarch64_distro_builder | |
| Oracle Linux 8 (x86_64) | edk2-20240909-2.el8.src.rpm | 02b2e05a3f8abd6f1cc02d98470114e5 | - | ol8_x86_64_distro_builder |
| edk2-tools-20240909-2.el8.x86_64.rpm | a2f380869261e432a6039d79c6bbd6d0 | - | ol8_x86_64_distro_builder | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
