update: edk2-bin

[dongsupark]

Name: edk2-ovmf-bin
CVEs: CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2024-1298, CVE-2024-38796,
CVSSs: 7.8, 7.8, 7.8, 6.5, 8.8, 6.5, 7.5, 7.5, 8.8, 8.8, 7.5, 7.5, 6.0, 5.9
Action Needed: TBD for CVE-2023-*, update to >= 202405 for CVE-2024-1298, >= 202408 for CVE-2024-38796

Summary:

• CVE-2022-36763: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
• CVE-2022-36764: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
• CVE-2022-36765: EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
• CVE-2023-45229: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message
• CVE-2023-45230: Buffer overflow in the DHCPv6 client via a long Server ID option
• CVE-2023-45231: Out of Bounds read when handling a ND Redirect message with truncated options
• CVE-2023-45232: Infinite loop when parsing unknown options in the Destination Options header
• CVE-2023-45233: Infinite loop when parsing a PadN option in the Destination Options header
• CVE-2023-45234: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
• CVE-2023-45235: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
• CVE-2023-45236: Predictable TCP Initial Sequence Numbers
• CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
• CVE-2024-1298: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
  • https://bugzilla.redhat.com/show_bug.cgi?id=2284243
• CVE-2024-38796: Integer overflows in PeCoffLoaderRelocateImage() may cause memory corruption.
  • https://bugzilla.redhat.com/show_bug.cgi?id=2315390

Not critical, as edk2-bin is only included in the Flatcar SDK.

refmap.gentoo:

• https://bugs.gentoo.org/921729
• https://bugs.gentoo.org/922253

[tormath1]

Added: CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236 and CVE-2023-45237

[dongsupark]

Added CVE-2024-1298.

[dongsupark]

Added CVE-2024-38796

[dongsupark]

CVE-2024-1298, CVE-2024-38796 were fixed by flatcar/scripts#2388, included in Alpha 4152.0.0.