
update: edk2-bin

Status: Open. dongsupark opened this issue 1 year ago • 5 comments

Name: edk2-ovmf-bin
CVEs: CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, ~~CVE-2024-1298, CVE-2024-38796,~~ CVE-2024-38797
CVSSs: 7.8, 7.8, 7.8, 6.5, 8.8, 6.5, 7.5, 7.5, 8.8, 8.8, 7.5, 7.5, ~~6.0, 5.9~~, 4.6
Action Needed: TBD for CVE-2023-*, ~~update to >= 202405 for CVE-2024-1298, >= 202408 for CVE-2024-38796~~, TBD for CVE-2024-38797

Summary:

  • CVE-2022-36763: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
  • CVE-2022-36764: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
  • CVE-2022-36765: EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
  • CVE-2023-45229: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message
  • CVE-2023-45230: Buffer overflow in the DHCPv6 client via a long Server ID option
  • CVE-2023-45231: Out of Bounds read when handling a ND Redirect message with truncated options
  • CVE-2023-45232: Infinite loop when parsing unknown options in the Destination Options header
  • CVE-2023-45233: Infinite loop when parsing a PadN option in the Destination Options header
  • CVE-2023-45234: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
  • CVE-2023-45235: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
  • CVE-2023-45236: Predictable TCP Initial Sequence Numbers
  • CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
  • ~~CVE-2024-1298: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.~~
    • ~~https://bugzilla.redhat.com/show_bug.cgi?id=2284243~~
  • ~~CVE-2024-38796: Integer overflows in PeCoffLoaderRelocateImage() may cause memory corruption.~~
    • ~~https://bugzilla.redhat.com/show_bug.cgi?id=2315390~~
  • CVE-2024-38797: EDK2 contains a vulnerability in HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.
    • https://bugzilla.redhat.com/show_bug.cgi?id=2358006

Not critical, as edk2-bin is only included in the Flatcar SDK.

refmap.gentoo:

  • https://bugs.gentoo.org/921729
  • https://bugs.gentoo.org/922253

dongsupark · Jan 12 '24 10:01

Added: CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236 and CVE-2023-45237

tormath1 · Jan 17 '24 08:01

Added CVE-2024-1298.

dongsupark · Jul 01 '24 14:07

Added CVE-2024-38796.

dongsupark · Nov 26 '24 10:11

CVE-2024-1298, CVE-2024-38796 were fixed by https://github.com/flatcar/scripts/pull/2388, included in Alpha 4152.0.0.

dongsupark · Dec 20 '24 11:12

Added CVE-2024-38797.

dongsupark · Apr 14 '25 13:04