USN-6638-1

Advisory lineage Upstream: 20 Downstream: 0
Published: 15 Feb 2024, 01:36
Last modified: 27 Apr 2026, 17:04

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

15 Feb 2024, 01:36: Published (vulnerability first disclosed)
27 Apr 2026, 17:04: Last Modified (vulnerability information updated)

Description

edk2 vulnerabilities

Marc Beatove discovered that buffer overflows exist in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. (CVE-2022-36763, CVE-2022-36764, CVE-2022-36765)

It was discovered that buffer overflows exist in EDK2's Network Package. An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution. (CVE-2023-45230, CVE-2023-45234, CVE-2023-45235)

It was discovered that an out-of-bounds read exists in EDK2's Network Package. An attacker on the local network could potentially use this to impact confidentiality. (CVE-2023-45231)

It was discovered that infinite loops exist in EDK2's Network Package. An attacker on the local network could potentially use these to impact availability. (CVE-2023-45232, CVE-2023-45233)

Mate Kukri discovered that an insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. An attacker could use this to bypass Secure Boot. (CVE-2023-48733)

Affected Systems

  • ubuntu edk2

    < 0~20191122.bd85bf54-2ubuntu3.5 | < 2022.02-3ubuntu0.22.04.2

References (12)