OESA-2024-2549

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2549
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-2549.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-2549
Upstream
Published
2024-12-13T13:18:51Z
Modified
2025-08-12T05:38:24.910240Z
Summary
linux-firmware security update
Details

This package contains firmware images required by some devices.

Security Fix(es):

IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.(CVE-2023-20584)

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.(CVE-2023-31356)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / linux-firmware

Package

Name
linux-firmware
Purl
pkg:rpm/openEuler/linux-firmware&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20241017-1.oe2003sp4

Ecosystem specific 

{
    "noarch": [
        "linux-firmware-20241017-1.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "linux-firmware-20241017-1.oe2003sp4.src.rpm"
    ]
}