VYPR

rpm package

almalinux/edk2-ovmf

pkg:rpm/almalinux/edk2-ovmf

Vulnerabilities (29)

  • CVE-2025-2296HigDec 9, 2025
    affected < 20251114-5.el10_2fixed 20251114-5.el10_2

    EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentialit

  • CVE-2025-9230HigSep 30, 2025
    affected < 20241117-4.el9_7.3fixed 20241117-4.el9_7.3

    Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds

  • CVE-2024-38796MedSep 27, 2024
    affected < 20220126gitbb1bba3d77-13.el8_10.4fixed 20220126gitbb1bba3d77-13.el8_10.4

    EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

  • CVE-2024-6119HigSep 3, 2024
    affected < 20231122-6.el9_4.4fixed 20231122-6.el9_4.4

    Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can

  • CVE-2024-1298MedMay 30, 2024
    affected < 20220126gitbb1bba3d77-13.el8_10.2fixed 20220126gitbb1bba3d77-13.el8_10.2

    EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.

  • CVE-2023-6237MedApr 25, 2024
    affected < 20240524-6.el9_5fixed 20240524-6.el9_5

    Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an un

  • CVE-2024-0727MedJan 26, 2024
    affected < 20240524-6.el9_5fixed 20240524-6.el9_5

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can c

  • CVE-2023-45234Jan 16, 2024
    affected < 20220126gitbb1bba3d77-6.el8_9.6.almafixed 20220126gitbb1bba3d77-6.el8_9.6.alma

    EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integri

  • CVE-2023-45233Jan 16, 2024
    affected < 20231122-6.el9fixed 20231122-6.el9

    EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

  • CVE-2023-45232Jan 16, 2024
    affected < 20231122-6.el9fixed 20231122-6.el9

    EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

  • CVE-2023-45235Jan 16, 2024
    affected < 20231122-6.el9fixed 20231122-6.el9

    EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidential

  • CVE-2023-45237Jan 16, 2024
    affected < 20231122-6.el9_4.2fixed 20231122-6.el9_4.2

    EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

  • CVE-2023-45236Jan 16, 2024
    affected < 20231122-6.el9_4.2fixed 20231122-6.el9_4.2

    EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

  • CVE-2023-45231Jan 16, 2024
    affected < 20231122-6.el9fixed 20231122-6.el9

    EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing  Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

  • CVE-2023-45230Jan 16, 2024
    affected < 20220126gitbb1bba3d77-6.el8_9.6.almafixed 20220126gitbb1bba3d77-6.el8_9.6.alma

    EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability

  • CVE-2023-45229Jan 16, 2024
    affected < 20231122-6.el9fixed 20231122-6.el9

    EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentialit

  • CVE-2023-6129MedJan 9, 2024
    affected < 20240524-6.el9_5fixed 20240524-6.el9_5

    Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether

  • CVE-2022-36765Jan 9, 2024
    affected < 20220126gitbb1bba3d77-13.el8_10fixed 20220126gitbb1bba3d77-13.el8_10

    EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

  • CVE-2022-36764Jan 9, 2024
    affected < 20231122-6.el9fixed 20231122-6.el9

    EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

  • CVE-2022-36763Jan 9, 2024
    affected < 20231122-6.el9fixed 20231122-6.el9

    EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

Page 1 of 2