Описание
Security update for ovmf
This update for ovmf fixes the following issues:
- CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
ovmf-202208-150500.6.12.1
ovmf-tools-202208-150500.6.12.1
qemu-ovmf-x86_64-202208-150500.6.12.1
qemu-uefi-aarch64-202208-150500.6.12.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
ovmf-202208-150500.6.12.1
ovmf-tools-202208-150500.6.12.1
qemu-ovmf-x86_64-202208-150500.6.12.1
qemu-uefi-aarch64-202208-150500.6.12.1
SUSE Linux Enterprise Micro 5.5
qemu-ovmf-x86_64-202208-150500.6.12.1
qemu-uefi-aarch64-202208-150500.6.12.1
SUSE Linux Enterprise Server 15 SP5-LTSS
ovmf-202208-150500.6.12.1
ovmf-tools-202208-150500.6.12.1
qemu-ovmf-x86_64-202208-150500.6.12.1
qemu-uefi-aarch64-202208-150500.6.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
ovmf-202208-150500.6.12.1
ovmf-tools-202208-150500.6.12.1
qemu-ovmf-x86_64-202208-150500.6.12.1
Ссылки
- Link for SUSE-SU-2026:0213-1
- E-Mail link for SUSE-SU-2026:0213-1
- SUSE Security Ratings
- SUSE Bug 1218680
- SUSE CVE CVE-2022-36765 page
Описание
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ovmf-202208-150500.6.12.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:ovmf-tools-202208-150500.6.12.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qemu-ovmf-x86_64-202208-150500.6.12.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qemu-uefi-aarch64-202208-150500.6.12.1
Ссылки
- CVE-2022-36765
- SUSE Bug 1218680