Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Ubuntu 18.04 LTS: 6920-1 Critical: EDK II Buffer Overflow Risk

ubuntu
Calendar Grey July 29, 2024
Dist Ubuntu Esm H88
Critical updates for Ubuntu's EDK II addressing severe security risks and enhancing system protection effectively.
Several security issues were fixed in EDK II.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in EDK II. Software Description: - edk2: UEFI firmware for virtual machines Details: It was discovered that EDK II was not properly performing bounds checks in Tianocompress, which could lead to a buffer overflow. An authenticated user could use this issue to potentially escalate their privileges via local access. (CVE-2017-5731) It was discovered that EDK II had an insufficient memory write check in the SMM service, which could lead to a page fault occurring. An authenticated user could use this issue to potentially escalate their privileges, disclose information and/or create a denial of service via local access. (CVE-2018-12182) It was discovered that EDK II incorrectly handled memory in DxeCore, which could lead to a stack overflow. An unauthenticated user could this issue to potentially esca...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory buffer overflow Ubuntu Denial of Service escalation memory handling EDK II

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS ovmf 0~20180205.c0d9813c-2ubuntu0.3+esm1 Available with Ubuntu Pro qemu-efi 0~20180205.c0d9813c-2ubuntu0.3+esm1 Available with Ubuntu Pro qemu-efi-aarch64 0~20180205.c0d9813c-2ubuntu0.3+esm1 Available with Ubuntu Pro qemu-efi-arm 0~20180205.c0d9813c-2ubuntu0.3+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS ovmf 0~20160408.ffea0a2c-2ubuntu0.2+esm1 Available with Ubuntu Pro qemu-efi 0~20160408.ffea0a2c-2ubuntu0.2+esm1 Available with Ubuntu Pro After a standard system update you need to restart the virtual machines that use the affected firmware to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6920-1

CVE-2017-5731, CVE-2018-12182, CVE-2018-12183, CVE-2018-3613,

CVE-2019-0160

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6920-1

Topics%20covered

Topics Covered

security advisory buffer overflow Ubuntu Denial of Service escalation memory handling EDK II

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here