Описание
Security update for ovmf
This update for ovmf fixes the following issues:
- CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount (bsc#1225889).
Список пакетов
SUSE Linux Enterprise Micro 5.5
qemu-ovmf-x86_64-202208-150500.6.3.1
qemu-uefi-aarch64-202208-150500.6.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
qemu-ovmf-x86_64-202208-150500.6.3.1
qemu-ovmf-x86_64-debug-202208-150500.6.3.1
qemu-uefi-aarch32-202208-150500.6.3.1
qemu-uefi-aarch64-202208-150500.6.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
ovmf-202208-150500.6.3.1
ovmf-tools-202208-150500.6.3.1
qemu-ovmf-x86_64-202208-150500.6.3.1
qemu-uefi-aarch64-202208-150500.6.3.1
openSUSE Leap 15.5
ovmf-202208-150500.6.3.1
ovmf-tools-202208-150500.6.3.1
qemu-ovmf-ia32-202208-150500.6.3.1
qemu-ovmf-x86_64-202208-150500.6.3.1
qemu-ovmf-x86_64-debug-202208-150500.6.3.1
qemu-uefi-aarch32-202208-150500.6.3.1
qemu-uefi-aarch64-202208-150500.6.3.1
openSUSE Leap Micro 5.5
qemu-ovmf-x86_64-202208-150500.6.3.1
qemu-uefi-aarch64-202208-150500.6.3.1
Ссылки
- Link for SUSE-SU-2024:4088-1
- E-Mail link for SUSE-SU-2024:4088-1
- SUSE Security Ratings
- SUSE Bug 1225889
- SUSE CVE CVE-2024-1298 page
Описание
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
Затронутые продукты
SUSE Linux Enterprise Micro 5.5:qemu-ovmf-x86_64-202208-150500.6.3.1
SUSE Linux Enterprise Micro 5.5:qemu-uefi-aarch64-202208-150500.6.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:qemu-ovmf-x86_64-202208-150500.6.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:qemu-ovmf-x86_64-debug-202208-150500.6.3.1
Ссылки
- CVE-2024-1298
- SUSE Bug 1225889