OESA-2024-1314
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1314
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-1314.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2024-1314
- Upstream
- Published
- 2024-03-22T11:07:16Z
- Modified
- 2025-08-12T05:36:59.251440Z
- Summary
- edk2 security update
- Details
-
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.
Security Fix(es):
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
(CVE-2022-36764)
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
(CVE-2023-45230)
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
(CVE-2023-45232)
EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
(CVE-2023-45233)
EDK2's Network Package is susceptible to a buffer overflow vulnerability when
handling Server ID option
from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
(CVE-2023-45235)
- Database specific
{ "severity": "High" }- References
-
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1314
- https://nvd.nist.gov/vuln/detail/CVE-2022-36764
- https://nvd.nist.gov/vuln/detail/CVE-2023-45230
- https://nvd.nist.gov/vuln/detail/CVE-2023-45232
- https://nvd.nist.gov/vuln/detail/CVE-2023-45233
- https://nvd.nist.gov/vuln/detail/CVE-2023-45235
Affected packages
openEuler:20.03-LTS-SP1 / edk2
Package
- Name
- edk2
- Purl
- pkg:rpm/openEuler/edk2&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed202002-20.oe1
Ecosystem specific
{
"aarch64": [
"edk2-debuginfo-202002-20.oe1.aarch64.rpm",
"edk2-debugsource-202002-20.oe1.aarch64.rpm",
"edk2-devel-202002-20.oe1.aarch64.rpm"
],
"x86_64": [
"edk2-devel-202002-20.oe1.x86_64.rpm",
"edk2-debuginfo-202002-20.oe1.x86_64.rpm",
"edk2-debugsource-202002-20.oe1.x86_64.rpm"
],
"noarch": [
"edk2-ovmf-202002-20.oe1.noarch.rpm",
"edk2-help-202002-20.oe1.noarch.rpm",
"python3-edk2-devel-202002-20.oe1.noarch.rpm",
"edk2-aarch64-202002-20.oe1.noarch.rpm"
],
"src": [
"edk2-202002-20.oe1.src.rpm"
]
}