RHSA-2024:4749

Description

Red Hat Security Advisory: edk2 security update

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Systems

• redhat•edk2

  < 0:20231122-6.el9_4.2 | < 0:20231122-6.el9_4.2

• redhat•edk2-aarch64

  < 0:20231122-6.el9_4.2 | < 0:20231122-6.el9_4.2

• redhat•edk2-debugsource

  < 0:20231122-6.el9_4.2 | < 0:20231122-6.el9_4.2

• redhat•edk2-ovmf

  < 0:20231122-6.el9_4.2 | < 0:20231122-6.el9_4.2

• redhat•edk2-tools

  < 0:20231122-6.el9_4.2 | < 0:20231122-6.el9_4.2

• redhat•edk2-tools-debuginfo

  < 0:20231122-6.el9_4.2 | < 0:20231122-6.el9_4.2

• redhat•edk2-tools-doc

  < 0:20231122-6.el9_4.2 | < 0:20231122-6.el9_4.2

References (19)

• https://access.redhat.com/errata/RHSA-2024:4749
• https://access.redhat.com/security/updates/classification/#moderate
• https://bugzilla.redhat.com/show_bug.cgi?id=2257584
• https://bugzilla.redhat.com/show_bug.cgi?id=2258703
• https://bugzilla.redhat.com/show_bug.cgi?id=2258706
• https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4749.json
• https://access.redhat.com/security/cve/CVE-2022-36765
• https://www.cve.org/CVERecord?id=CVE-2022-36765
• https://nvd.nist.gov/vuln/detail/CVE-2022-36765
• https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx
• https://access.redhat.com/security/cve/CVE-2023-45236
• https://www.cve.org/CVERecord?id=CVE-2023-45236
• https://nvd.nist.gov/vuln/detail/CVE-2023-45236
• https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
• https://github.com/advisories/GHSA-fqc4-ffq5-4r98
• https://access.redhat.com/security/cve/CVE-2023-45237
• https://www.cve.org/CVERecord?id=CVE-2023-45237
• https://nvd.nist.gov/vuln/detail/CVE-2023-45237
• https://github.com/advisories/GHSA-fxqf-p2p3-gxvr