USN-6638-1: EDK II vulnerabilities
Marc Beatove discovered that buffer overflows exist in EDK2. An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution. (CVE-2022-36763, CVE-2022-36764, CVE-2022-36765)
It was discovered that buffer overflows exist in EDK2's Network Package. An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution. (CVE-2023-45230, CVE-2023-45234, CVE-2023-45235)
It was discovered that an out-of-bounds read exists in EDK2's Network Package. An attacker on the local network could potentially use this to impact confidentiality. (CVE-2023-45231)
It was discovered that infinite loops exist in EDK2's Network Package. An attacker on the local network could potentially use these to impact availability. (CVE-2023-45232, CVE-2023-45233)
Mate Kukri discovered that an insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. An attacker could use this to bypass Secure Boot. (CVE-2023-48733)
Frequently Asked Questions
What is the severity of USN-6638-1?
USN-6638-1 is categorized as a high severity vulnerability due to potential remote code execution risks.
How do I fix USN-6638-1?
To fix USN-6638-1, update the affected packages to the specified versions in the Ubuntu security advisory.
Which versions of Ubuntu are affected by USN-6638-1?
USN-6638-1 affects Ubuntu versions 20.04, 22.04, and 23.10.
What types of attacks can exploit USN-6638-1?
Attackers can exploit USN-6638-1 through buffer overflow vulnerabilities to potentially execute arbitrary code.
Is USN-6638-1 related to any known CVEs?
Yes, USN-6638-1 is associated with CVE-2022-36763, CVE-2022-36764, and CVE-2022-36765.