Marc Beatove discovered that buffer overflows exist in EDK2. An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution. (CVE-2022-36763, CVE-2022-36764, CVE-2022-36765)
It was discovered that buffer overflows exist in EDK2's Network Package. An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution. (CVE-2023-45230, CVE-2023-45234, CVE-2023-45235)
It was discovered that an out-of-bounds read exists in EDK2's Network Package. An attacker on the local network could potentially use this to impact confidentiality. (CVE-2023-45231)
It was discovered that infinite loops exist in EDK2's Network Package. An attacker on the local network could potentially use these to impact availability. (CVE-2023-45232, CVE-2023-45233)
Mate Kukri discovered that an insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. An attacker could use this to bypass Secure Boot. (CVE-2023-48733)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "0~20191122.bd85bf54-2ubuntu3.5", "binary_name": "ovmf" }, { "binary_version": "0~20191122.bd85bf54-2ubuntu3.5", "binary_name": "qemu-efi" }, { "binary_version": "0~20191122.bd85bf54-2ubuntu3.5", "binary_name": "qemu-efi-aarch64" }, { "binary_version": "0~20191122.bd85bf54-2ubuntu3.5", "binary_name": "qemu-efi-arm" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2022.02-3ubuntu0.22.04.2", "binary_name": "ovmf" }, { "binary_version": "2022.02-3ubuntu0.22.04.2", "binary_name": "ovmf-ia32" }, { "binary_version": "2022.02-3ubuntu0.22.04.2", "binary_name": "qemu-efi" }, { "binary_version": "2022.02-3ubuntu0.22.04.2", "binary_name": "qemu-efi-aarch64" }, { "binary_version": "2022.02-3ubuntu0.22.04.2", "binary_name": "qemu-efi-arm" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2023.05-2ubuntu0.1", "binary_name": "efi-shell-aa64" }, { "binary_version": "2023.05-2ubuntu0.1", "binary_name": "efi-shell-arm" }, { "binary_version": "2023.05-2ubuntu0.1", "binary_name": "efi-shell-ia32" }, { "binary_version": "2023.05-2ubuntu0.1", "binary_name": "efi-shell-x64" }, { "binary_version": "2023.05-2ubuntu0.1", "binary_name": "ovmf" }, { "binary_version": "2023.05-2ubuntu0.1", "binary_name": "ovmf-ia32" }, { "binary_version": "2023.05-2ubuntu0.1", "binary_name": "qemu-efi-aarch64" }, { "binary_version": "2023.05-2ubuntu0.1", "binary_name": "qemu-efi-arm" } ] }