Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 18.04 LTS: 6920-1 Critical: EDK II Buffer Overflow Risk

ubuntu
Calendar Grey July 29, 2024
Dist Ubuntu Esm H88
Critical updates for Ubuntu's EDK II addressing severe security risks and enhancing system protection effectively.
Several security issues were fixed in EDK II.

Summary

Several security issues were fixed in EDK II.

Software Description:

- edk2: UEFI firmware for virtual machines

Details:

It was discovered that EDK II was not properly performing bounds checks

in Tianocompress, which could lead to a buffer overflow. An authenticated

user could use this issue to potentially escalate their privileges via

local access. (CVE-2017-5731)

It was discovered that EDK II had an insufficient memory write check in

the SMM service, which could lead to a page fault occurring. An

authenticated user could use this issue to potentially escalate their

privileges, disclose information and/or create a denial of service via

local access. (CVE-2018-12182)

It was discovered that EDK II incorrectly handled memory in DxeCore, which

could lead to a stack overflow. An unauthenticated user could this

issue to potentially escalate their privileges, disclose information

and/or create a denial of service via local access. This issue only

affected Ubunt...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   ovmf                            0~20180205.c0d9813c-2ubuntu0.3+esm1
                                   Available with Ubuntu Pro
   qemu-efi                        0~20180205.c0d9813c-2ubuntu0.3+esm1
                                   Available with Ubuntu Pro
   qemu-efi-aarch64                0~20180205.c0d9813c-2ubuntu0.3+esm1
                                   Available with Ubuntu Pro
   qemu-efi-arm                    0~20180205.c0d9813c-2ubuntu0.3+esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   ovmf                            0~20160408.ffea0a2c-2ubuntu0.2+esm1
                                   Available with Ubuntu Pro
   qemu-efi                        0~20160408.ffea0a2c-2ubuntu0.2+esm1
                                   Available with Ubuntu Pro

After a standard system update you need to restart the virtual machines
that use the affected firmware to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6920-1

CVE-2017-5731, CVE-2018-12182, CVE-2018-12183, CVE-2018-3613,

CVE-2019-0160

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6920-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here