RHSA-2024:2264HighCVSS 8.8
Red Hat Security Advisory: edk2 security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2022-36763 — EDK2: heap buffer overflow in Tcg2MeasureGptTable() CVE-2022-36764 — EDK2: heap buffer overflow in Tcg2MeasurePeImage() CVE-2023-3446 — openssl: Excessive time spent checking DH keys and parameters CVE-2023-45229 — edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message CVE-2023-45231 — edk2: Out of Bounds read when handling a ND Redirect message with truncated options CVE-2023-45232 — edk2: Infinite loop when parsing unknown options in the Destination Options header CVE-2023-45233 — edk2: Infinite loop when parsing a PadN option in the Destination Options header CVE-2023-45235 — edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2024:2264
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2224962
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2257582
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2257583
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258677
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258688
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258691
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258694
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258700
- externalhttps://issues.redhat.com/browse/RHEL-14123
- externalhttps://issues.redhat.com/browse/RHEL-20963
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2264.json