Описание
Security update for ovmf
This update for ovmf fixes the following issues:
- CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680).
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
ovmf-2017+git1510945757.b2662641d5-3.49.1
ovmf-tools-2017+git1510945757.b2662641d5-3.49.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.49.1
qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.49.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
ovmf-2017+git1510945757.b2662641d5-3.49.1
ovmf-tools-2017+git1510945757.b2662641d5-3.49.1
qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.49.1
Ссылки
- Link for SUSE-SU-2026:0121-1
- E-Mail link for SUSE-SU-2026:0121-1
- SUSE Security Ratings
- SUSE Bug 1218680
- SUSE CVE CVE-2022-36765 page
Описание
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:ovmf-2017+git1510945757.b2662641d5-3.49.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ovmf-tools-2017+git1510945757.b2662641d5-3.49.1
SUSE Linux Enterprise Server 12 SP5-LTSS:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.49.1
SUSE Linux Enterprise Server 12 SP5-LTSS:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.49.1
Ссылки
- CVE-2022-36765
- SUSE Bug 1218680