EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IANA or IATA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "efi-shell-aa64", "binary_version": "2023.11-6" }, { "binary_name": "efi-shell-arm", "binary_version": "2023.11-6" }, { "binary_name": "efi-shell-ia32", "binary_version": "2023.11-6" }, { "binary_name": "efi-shell-riscv64", "binary_version": "2023.11-6" }, { "binary_name": "efi-shell-x64", "binary_version": "2023.11-6" }, { "binary_name": "ovmf", "binary_version": "2023.11-6" }, { "binary_name": "ovmf-ia32", "binary_version": "2023.11-6" }, { "binary_name": "qemu-efi-aarch64", "binary_version": "2023.11-6" }, { "binary_name": "qemu-efi-arm", "binary_version": "2023.11-6" }, { "binary_name": "qemu-efi-riscv64", "binary_version": "2023.11-6" } ] }