ELSA-2024-28600

ELSA-2024-28600 - edk2 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-10-18

Description

[20240909-2]
- Create new 20240909 release for OL8 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}

Related CVEs

CVE-2023-45237

CVE-2024-1298

CVE-2023-45236

CVE-2024-25742

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	edk2-20240909-2.el8.src.rpm	8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08	-	ol8_aarch64_distro_builder
	edk2-20240909-2.el8.src.rpm	8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08	-	ol8_aarch64_kvm_appstream
	edk2-tools-20240909-2.el8.aarch64.rpm	370e0a516acc150ef260e8c726f3f25fd9fed738d690c37d9fc3a35cf23df214	-	ol8_aarch64_distro_builder
Oracle Linux 8 (x86_64)	edk2-20240909-2.el8.src.rpm	8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08	-	ol8_x86_64_distro_builder
	edk2-20240909-2.el8.src.rpm	8a28c7e032b01a9d77a3cef0bc5d187a0ebfd9f47370c3296f926443ece9cf08	-	ol8_x86_64_kvm_appstream
	edk2-tools-20240909-2.el8.x86_64.rpm	e3b3d56d52d2b33a1cd89f496946815f124a2ce2f7bd35832a04c99afc46b495	-	ol8_x86_64_distro_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team