
Fedora 39 FEDORA-2024-a9dead34c5 Critical: edk2 Heap Overflows

March 13, 2024
update to edk2-stable202402

Summary

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM.

Update Information:

update to edk2-stable202402

Change Log

* Mon Feb 26 2024 Gerd Hoffmann - 20240214-2
- switch pcr prediction to systemd-pcrlock format

* Mon Feb 26 2024 Gerd Hoffmann - 20240214-1
- update to edk2-stable202402

References


[ 1 ] Bug #2257587 - CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2257587
[ 2 ] Bug #2257588 - CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2257588
[ 3 ] Bug #2257589 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2257589
[ 4 ] Bug #2258679 - CVE-2023-4522 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2258679
[ 5 ] Bug #2258687 - CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2258687
[ 6 ] Bug #2258690 - CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with t...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a9dead34c5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical

Name: edk2
Product: Fedora 39
Version: 20240214
Release: 2.fc39
Summary: UEFI firmware for 64-bit virtual machines
