rpm package
almalinux/edk2-tools-doc
pkg:rpm/almalinux/edk2-tools-doc
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-2296 | Hig | — | < 20251114-5.el10_2 | 20251114-5.el10_2 | Dec 9, 2025 | EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentialit | |
| CVE-2025-9230 | Hig | 7.5 | < 20241117-4.el9_7.3 | 20241117-4.el9_7.3 | Sep 30, 2025 | Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds | |
| CVE-2024-38796 | Med | 5.9 | < 20240524-6.el9_5.3 | 20240524-6.el9_5.3 | Sep 27, 2024 | EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | |
| CVE-2024-6119 | Hig | 7.5 | < 20231122-6.el9_4.4 | 20231122-6.el9_4.4 | Sep 3, 2024 | Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can | |
| CVE-2024-1298 | Med | 6.0 | < 20240524-6.el9_5 | 20240524-6.el9_5 | May 30, 2024 | EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. | |
| CVE-2023-6237 | Med | 5.9 | < 20240524-6.el9_5 | 20240524-6.el9_5 | Apr 25, 2024 | Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an un | |
| CVE-2024-0727 | Med | 5.5 | < 20240524-6.el9_5 | 20240524-6.el9_5 | Jan 26, 2024 | Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can c | |
| CVE-2023-45234 | — | < 20230524-4.el9_3.2.alma | 20230524-4.el9_3.2.alma | Jan 16, 2024 | EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integri | ||
| CVE-2023-45233 | — | < 20231122-6.el9 | 20231122-6.el9 | Jan 16, 2024 | EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. | ||
| CVE-2023-45232 | — | < 20231122-6.el9 | 20231122-6.el9 | Jan 16, 2024 | EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. | ||
| CVE-2023-45235 | — | < 20231122-6.el9 | 20231122-6.el9 | Jan 16, 2024 | EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidential | ||
| CVE-2023-45237 | — | < 20231122-6.el9_4.2 | 20231122-6.el9_4.2 | Jan 16, 2024 | EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | ||
| CVE-2023-45236 | — | < 20231122-6.el9_4.2 | 20231122-6.el9_4.2 | Jan 16, 2024 | EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | ||
| CVE-2023-45231 | — | < 20231122-6.el9 | 20231122-6.el9 | Jan 16, 2024 | EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | ||
| CVE-2023-45230 | — | < 20230524-4.el9_3.2.alma | 20230524-4.el9_3.2.alma | Jan 16, 2024 | EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability | ||
| CVE-2023-45229 | — | < 20231122-6.el9 | 20231122-6.el9 | Jan 16, 2024 | EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentialit | ||
| CVE-2023-6129 | Med | 6.5 | < 20240524-6.el9_5 | 20240524-6.el9_5 | Jan 9, 2024 | Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether | |
| CVE-2022-36765 | — | < 20231122-6.el9_4.2 | 20231122-6.el9_4.2 | Jan 9, 2024 | EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | ||
| CVE-2022-36764 | — | < 20231122-6.el9 | 20231122-6.el9 | Jan 9, 2024 | EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | ||
| CVE-2022-36763 | — | < 20231122-6.el9 | 20231122-6.el9 | Jan 9, 2024 | EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
- affected < 20251114-5.el10_2fixed 20251114-5.el10_2
EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentialit
- affected < 20241117-4.el9_7.3fixed 20241117-4.el9_7.3
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds
- affected < 20240524-6.el9_5.3fixed 20240524-6.el9_5.3
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
- affected < 20231122-6.el9_4.4fixed 20231122-6.el9_4.4
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can
- affected < 20240524-6.el9_5fixed 20240524-6.el9_5
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
- affected < 20240524-6.el9_5fixed 20240524-6.el9_5
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an un
- affected < 20240524-6.el9_5fixed 20240524-6.el9_5
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can c
- CVE-2023-45234Jan 16, 2024affected < 20230524-4.el9_3.2.almafixed 20230524-4.el9_3.2.alma
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integri
- CVE-2023-45233Jan 16, 2024affected < 20231122-6.el9fixed 20231122-6.el9
EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
- CVE-2023-45232Jan 16, 2024affected < 20231122-6.el9fixed 20231122-6.el9
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
- CVE-2023-45235Jan 16, 2024affected < 20231122-6.el9fixed 20231122-6.el9
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidential
- CVE-2023-45237Jan 16, 2024affected < 20231122-6.el9_4.2fixed 20231122-6.el9_4.2
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
- CVE-2023-45236Jan 16, 2024affected < 20231122-6.el9_4.2fixed 20231122-6.el9_4.2
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
- CVE-2023-45231Jan 16, 2024affected < 20231122-6.el9fixed 20231122-6.el9
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
- CVE-2023-45230Jan 16, 2024affected < 20230524-4.el9_3.2.almafixed 20230524-4.el9_3.2.alma
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability
- CVE-2023-45229Jan 16, 2024affected < 20231122-6.el9fixed 20231122-6.el9
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentialit
- affected < 20240524-6.el9_5fixed 20240524-6.el9_5
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether
- CVE-2022-36765Jan 9, 2024affected < 20231122-6.el9_4.2fixed 20231122-6.el9_4.2
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
- CVE-2022-36764Jan 9, 2024affected < 20231122-6.el9fixed 20231122-6.el9
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
- CVE-2022-36763Jan 9, 2024affected < 20231122-6.el9fixed 20231122-6.el9
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Page 1 of 2