SB2024031941 - Red Hat Enterprise Linux 8.8 Extended Update Support update for edk2
Published: March 19, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2023-45230)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary within a long server ID option in DHCPv6 client. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Unchecked Return Value (CVE-ID: CVE-2019-14560)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to an unchecked return value within the DxeImageVerificationHandler() function in SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c. A local user can bypass the secure boot protection.
3) Resource management error (CVE-ID: CVE-2023-3446)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the DH_check(), DH_check_ex() and EVP_PKEY_param_check() function when processing a DH key or DH parameters. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
4) Buffer overflow (CVE-ID: CVE-2023-45234)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing DNS Servers option from a DHCPv6 Advertise message. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.