
Ubuntu 23.10: USN-6638-1 Moderate: EDK II Buffer Overflow Issues

February 15, 2024
A range of vulnerabilities concerning Ubuntu's EDK II firmware has been addressed, leading to enhanced overall system protection.

Summary

Several security issues were fixed in EDK II.

Software Description:

- edk2: UEFI firmware for virtual machines

Details:

Marc Beatove discovered that buffer overflows exist in EDK2. An attacker on
the local network could potentially use this to impact availability or
possibly cause remote code execution. (CVE-2022-36763, CVE-2022-36764,
CVE-2022-36765)

It was discovered that buffer overflows exist in EDK2's Network Package.
An attacker on the local network could potentially use these to impact
availability or possibly cause remote code execution. (CVE-2023-45230,
CVE-2023-45234, CVE-2023-45235)

It was discovered that an out-of-bounds read exists in EDK2's Network
Package. An attacker on the local network could potentially use this to
impact confidentiality. (CVE-2023-45231)

It was discovered that infinite loops exist in EDK2's Network Package.
An attacker on the local network could potentially use these to impact
availability. (CVE-2023-45232, CVE-2023-45233)

...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   efi-shell-aa64                  2023.05-2ubuntu0.1
   efi-shell-arm                   2023.05-2ubuntu0.1
   efi-shell-x64                   2023.05-2ubuntu0.1
   ovmf                            2023.05-2ubuntu0.1
   qemu-efi-aarch64                2023.05-2ubuntu0.1
   qemu-efi-arm                    2023.05-2ubuntu0.1

Ubuntu 22.04 LTS:
   ovmf                            2022.02-3ubuntu0.22.04.2
   qemu-efi                        2022.02-3ubuntu0.22.04.2
   qemu-efi-aarch64                2022.02-3ubuntu0.22.04.2
   qemu-efi-arm                    2022.02-3ubuntu0.22.04.2

Ubuntu 20.04 LTS:
   ovmf                            0~20191122.bd85bf54-2ubuntu3.5
   qemu-efi                        0~20191122.bd85bf54-2ubuntu3.5
   qemu-efi-aarch64                0~20191122.bd85bf54-2ubuntu3.5
   qemu-efi-arm                    0~20191122.bd85bf54-2ubuntu3.5

In general, a standard system update will make all the necessary changes.
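
To confirm that a host is running the fixed builds, the following added example (not part of the Ubuntu notice) compares installed packages with the versions in the tables above using `dpkg --compare-versions`. The function names are this example's own, and a release or package the notice does not list is reported as `unlisted` rather than assumed to be fixed.

```shell
#!/bin/sh
# Added example: compare installed edk2 packages with the fixed versions
# listed in USN-6638-1. Function names are this example's own.

# Print the fixed version the notice lists for "$1" (VERSION_ID) and "$2"
# (package); print nothing when the notice does not list that pair.
usn6638_fixed_version() {
    case "$1:$2" in
        23.10:efi-shell-aa64|23.10:efi-shell-arm|23.10:efi-shell-x64)
            echo "2023.05-2ubuntu0.1" ;;
        23.10:ovmf|23.10:qemu-efi-aarch64|23.10:qemu-efi-arm)
            echo "2023.05-2ubuntu0.1" ;;
        22.04:ovmf|22.04:qemu-efi|22.04:qemu-efi-aarch64|22.04:qemu-efi-arm)
            echo "2022.02-3ubuntu0.22.04.2" ;;
        20.04:ovmf|20.04:qemu-efi|20.04:qemu-efi-aarch64|20.04:qemu-efi-arm)
            echo "0~20191122.bd85bf54-2ubuntu3.5" ;;
    esac
}

# Print "patched", "vulnerable" or "unlisted" for release "$1", package "$2"
# and installed version "$3". dpkg does the comparison, so "~" and the
# "ubuntuN" suffixes sort by Debian version rules, not as plain strings.
usn6638_status() {
    fixed=$(usn6638_fixed_version "$1" "$2")
    if [ -z "$fixed" ]; then echo unlisted
    elif dpkg --compare-versions "$3" ge "$fixed"; then echo patched
    else echo vulnerable
    fi
}

# Check each package named in the notice that is installed on this host.
# Runs in a subshell so sourcing os-release does not leak variables.
usn6638_check_host() (
    [ -r /etc/os-release ] || exit 2
    . /etc/os-release
    rc=0
    for pkg in efi-shell-aa64 efi-shell-arm efi-shell-x64 ovmf qemu-efi \
               qemu-efi-aarch64 qemu-efi-arm; do
        inst=$(dpkg-query -W -f='${db:Status-Status} ${Version}' "$pkg" 2>/dev/null) || continue
        case "$inst" in "installed "*) inst=${inst#installed } ;; *) continue ;; esac
        st=$(usn6638_status "$VERSION_ID" "$pkg" "$inst")
        echo "$pkg $inst $st"
        if [ "$st" = vulnerable ]; then rc=1; fi
    done
    exit "$rc"
)

if [ "${1:-}" = check ]; then usn6638_check_host; fi
```

Run with the argument `check`, the script exits with status 1 when any listed package is older than its fixed version, which makes it usable in a fleet compliance job.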

References

https://ubuntu.com/security/notices/USN-6638-1

CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230,
CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234,
CVE-2023-45235, CVE-2023-48733

https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137

Ubuntu Security Notice USN-6638-1

Package Information
