Headline
Ubuntu Security Notice USN-6638-1
Ubuntu Security Notice 6638-1 - Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. It was discovered that a buffer overflows exists in EDK2’s Network Package An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution.
==========================================================================Ubuntu Security Notice USN-6638-1February 15, 2024edk2 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in EDK II.Software Description:- edk2: UEFI firmware for virtual machinesDetails:Marc Beatove discovered buffer overflows exit in EDK2. An attacker on thelocal network could potentially use this to impact availability or possiblycause remote code execution. (CVE-2022-36763, CVE-2022-36764,CVE-2022-36765)It was discovered that a buffer overflows exists in EDK2's Network PackageAn attacker on the local network could potentially use these to impactavailability or possibly cause remote code execution. (CVE-2023-45230,CVE-2023-45234, CVE-2023-45235)It was discovered that an out-of-bounds read exists in EDK2's NetworkPackage An attacker on the local network could potentially use this toimpact confidentiality. (CVE-2023-45231)It was discovered that infinite-loops exists in EDK2's Network PackageAn attacker on the local network could potentially use these to impactavailability. (CVE-2023-45232, CVE-2023-45233)Mate Kukri discovered that an insecure default to allow UEFI Shell inEDK2 was left enabled in Ubuntu's EDK2. An attacker could use this tobypass Secure Boot. (CVE-2023-48733)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10: efi-shell-aa64 2023.05-2ubuntu0.1 efi-shell-arm 2023.05-2ubuntu0.1 efi-shell-x64 2023.05-2ubuntu0.1 ovmf 2023.05-2ubuntu0.1 qemu-efi-aarch64 2023.05-2ubuntu0.1 qemu-efi-arm 2023.05-2ubuntu0.1Ubuntu 22.04 LTS: ovmf 2022.02-3ubuntu0.22.04.2 qemu-efi 2022.02-3ubuntu0.22.04.2 qemu-efi-aarch64 2022.02-3ubuntu0.22.04.2 qemu-efi-arm 2022.02-3ubuntu0.22.04.2Ubuntu 20.04 LTS: ovmf 0~20191122.bd85bf54-2ubuntu3.5 qemu-efi 0~20191122.bd85bf54-2ubuntu3.5 qemu-efi-aarch64 0~20191122.bd85bf54-2ubuntu3.5 qemu-efi-arm 0~20191122.bd85bf54-2ubuntu3.5In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-6638-1 CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-48733,https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137Package Information: https://launchpad.net/ubuntu/+source/edk2/2023.05-2ubuntu0.1 https://launchpad.net/ubuntu/+source/edk2/2022.02-3ubuntu0.22.04.2 https://launchpad.net/ubuntu/+source/edk2/0~20191122.bd85bf54-2ubuntu3.5
Related news
Red Hat Security Advisory 2024-8455-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-8449-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-8104-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-6849-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4419-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
Red Hat Security Advisory 2024-3497-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1722-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1305-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1077-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1076-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1075-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1013-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-1004-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
Debian Linux Security Advisory 5624-1 - Mate Kukri discovered the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell.
By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to