Описание
Security update for ovmf
This update for ovmf fixes the following issues:
- CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
ovmf-202202-150400.5.21.1
ovmf-tools-202202-150400.5.21.1
qemu-ovmf-x86_64-202202-150400.5.21.1
qemu-uefi-aarch64-202202-150400.5.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
ovmf-202202-150400.5.21.1
ovmf-tools-202202-150400.5.21.1
qemu-ovmf-x86_64-202202-150400.5.21.1
qemu-uefi-aarch64-202202-150400.5.21.1
SUSE Linux Enterprise Micro 5.3
qemu-ovmf-x86_64-202202-150400.5.21.1
qemu-uefi-aarch64-202202-150400.5.21.1
SUSE Linux Enterprise Micro 5.4
qemu-ovmf-x86_64-202202-150400.5.21.1
qemu-uefi-aarch64-202202-150400.5.21.1
SUSE Linux Enterprise Server 15 SP4-LTSS
ovmf-202202-150400.5.21.1
ovmf-tools-202202-150400.5.21.1
qemu-ovmf-x86_64-202202-150400.5.21.1
qemu-uefi-aarch64-202202-150400.5.21.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
ovmf-202202-150400.5.21.1
ovmf-tools-202202-150400.5.21.1
qemu-ovmf-x86_64-202202-150400.5.21.1
Ссылки
- Link for SUSE-SU-2026:0212-1
- E-Mail link for SUSE-SU-2026:0212-1
- SUSE Security Ratings
- SUSE Bug 1218680
- SUSE CVE CVE-2022-36765 page
Описание
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ovmf-202202-150400.5.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ovmf-tools-202202-150400.5.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-ovmf-x86_64-202202-150400.5.21.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:qemu-uefi-aarch64-202202-150400.5.21.1
Ссылки
- CVE-2022-36765
- SUSE Bug 1218680