Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update: edk2-ovmf-bin #1318

Open
dongsupark opened this issue Jan 12, 2024 · 3 comments
Open

update: edk2-ovmf-bin #1318

dongsupark opened this issue Jan 12, 2024 · 3 comments
Labels
advisory/only-sdk affects only Flatcar SDK advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS security security concerns

Comments

@dongsupark
Copy link
Member

dongsupark commented Jan 12, 2024
edited
Loading

Name: edk2-ovmf-bin
CVEs: CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2024-1298, CVE-2024-38796,
CVSSs: 7.8, 7.8, 7.8, 6.5, 8.8, 6.5, 7.5, 7.5, 8.8, 8.8, 7.5, 7.5, 6.0, 5.9
Action Needed: TBD for CVE-2023-*, update to >= 202405 for CVE-2024-1298, >= 202408 for CVE-2024-38796

Summary:

  • CVE-2022-36763: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
  • CVE-2022-36764: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
  • CVE-2022-36765: EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
  • CVE-2023-45229: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message
  • CVE-2023-45230: Buffer overflow in the DHCPv6 client via a long Server ID option
  • CVE-2023-45231: Out of Bounds read when handling a ND Redirect message with truncated options
  • CVE-2023-45232: Infinite loop when parsing unknown options in the Destination Options header
  • CVE-2023-45233: Infinite loop when parsing a PadN option in the Destination Options header
  • CVE-2023-45234: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
  • CVE-2023-45235: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
  • CVE-2023-45236: Predictable TCP Initial Sequence Numbers
  • CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
  • CVE-2024-1298: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
  • CVE-2024-38796: Integer overflows in PeCoffLoaderRelocateImage() may cause memory corruption.

Not critical, as edk2-ovmf-bin is only included in the Flatcar SDK.

refmap.gentoo:
@dongsupark dongsupark added security security concerns advisory security advisory advisory/only-sdk affects only Flatcar SDK labels Jan 12, 2024
@dongsupark dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Jan 12, 2024
@tormath1
Copy link
Contributor

Added: CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236 and CVE-2023-45237

@github-actions github-actions bot mentioned this issue Jan 22, 2024
Closed
@dongsupark dongsupark added the cvss/HIGH > 7 && < 9 assessed CVSS label Jan 22, 2024
@github-actions github-actions bot mentioned this issue Feb 22, 2024
Closed
@github-actions github-actions bot mentioned this issue Mar 22, 2024
Closed
@github-actions github-actions bot mentioned this issue Apr 22, 2024
Closed
@github-actions github-actions bot mentioned this issue May 22, 2024
Closed
@github-actions github-actions bot mentioned this issue Jun 22, 2024
Closed
@dongsupark
Copy link
Member Author

Added CVE-2024-1298.

@github-actions github-actions bot mentioned this issue Jul 22, 2024
Closed
@github-actions github-actions bot mentioned this issue Aug 22, 2024
Closed
@github-actions github-actions bot mentioned this issue Sep 22, 2024
Closed
@github-actions github-actions bot mentioned this issue Oct 22, 2024
Open
@github-actions github-actions bot mentioned this issue Nov 22, 2024
Open
@dongsupark
Copy link
Member Author

Added CVE-2024-38796

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
advisory/only-sdk affects only Flatcar SDK advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS security security concerns
Projects
Flatcar tactical, release planning, and roadmap
Status: 🪵Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dongsupark @tormath1