{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"edk2 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for edk2 is now available for openEuler-20.03-LTS-SP4.", "category":"general", "title":"Summary" }, { "text":"EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\n\nSecurity Fix(es):\n\n\nEDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.\n\n(CVE-2022-36764)\n\nEDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.(CVE-2023-45229)\n\n EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n(CVE-2023-45230)\n\nEDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing  Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.(CVE-2023-45231)\n\n EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\n\n(CVE-2023-45232)\n\n EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\n\n(CVE-2023-45233)\n\n EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n(CVE-2023-45234)\n\n EDK2's Network Package is susceptible to a buffer overflow vulnerability when\n\n\n\n\n\nhandling Server ID option \n\n\n\n from a DHCPv6 proxy Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n(CVE-2023-45235)", "category":"general", "title":"Description" }, { "text":"An update for edk2 is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"edk2", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-1315", "category":"self", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1315" }, { "summary":"CVE-2022-36764", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2022-36764&packageName=edk2" }, { "summary":"CVE-2023-45229", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-45229&packageName=edk2" }, { "summary":"CVE-2023-45230", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-45230&packageName=edk2" }, { "summary":"CVE-2023-45231", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-45231&packageName=edk2" }, { "summary":"CVE-2023-45232", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-45232&packageName=edk2" }, { "summary":"CVE-2023-45233", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-45233&packageName=edk2" }, { "summary":"CVE-2023-45234", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-45234&packageName=edk2" }, { "summary":"CVE-2023-45235", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-45235&packageName=edk2" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36764" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45229" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45230" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45231" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45232" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45233" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45234" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45235" }, { "summary":"openEuler-SA-2024-1315 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-1315.json" } ], "title":"An update for edk2 is now available for openEuler-20.03-LTS-SP4", "tracking":{ "initial_release_date":"2024-03-22T09:13:35+08:00", "revision_history":[ { "date":"2024-03-22T09:13:35+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:13:35+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:13:35+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:13:35+08:00", "id":"openEuler-SA-2024-1315", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-devel-202002-19.oe2003sp4.aarch64.rpm", "name":"edk2-devel-202002-19.oe2003sp4.aarch64.rpm" }, "name":"edk2-devel-202002-19.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-debuginfo-202002-19.oe2003sp4.aarch64.rpm", "name":"edk2-debuginfo-202002-19.oe2003sp4.aarch64.rpm" }, "name":"edk2-debuginfo-202002-19.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-debugsource-202002-19.oe2003sp4.aarch64.rpm", "name":"edk2-debugsource-202002-19.oe2003sp4.aarch64.rpm" }, "name":"edk2-debugsource-202002-19.oe2003sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-aarch64-202002-19.oe2003sp4.noarch.rpm", "name":"edk2-aarch64-202002-19.oe2003sp4.noarch.rpm" }, "name":"edk2-aarch64-202002-19.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"python3-edk2-devel-202002-19.oe2003sp4.noarch.rpm", "name":"python3-edk2-devel-202002-19.oe2003sp4.noarch.rpm" }, "name":"python3-edk2-devel-202002-19.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-help-202002-19.oe2003sp4.noarch.rpm", "name":"edk2-help-202002-19.oe2003sp4.noarch.rpm" }, "name":"edk2-help-202002-19.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-ovmf-202002-19.oe2003sp4.noarch.rpm", "name":"edk2-ovmf-202002-19.oe2003sp4.noarch.rpm" }, "name":"edk2-ovmf-202002-19.oe2003sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-202002-19.oe2003sp4.src.rpm", "name":"edk2-202002-19.oe2003sp4.src.rpm" }, "name":"edk2-202002-19.oe2003sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-devel-202002-19.oe2003sp4.x86_64.rpm", "name":"edk2-devel-202002-19.oe2003sp4.x86_64.rpm" }, "name":"edk2-devel-202002-19.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-debugsource-202002-19.oe2003sp4.x86_64.rpm", "name":"edk2-debugsource-202002-19.oe2003sp4.x86_64.rpm" }, "name":"edk2-debugsource-202002-19.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"edk2-debuginfo-202002-19.oe2003sp4.x86_64.rpm", "name":"edk2-debuginfo-202002-19.oe2003sp4.x86_64.rpm" }, "name":"edk2-debuginfo-202002-19.oe2003sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-devel-202002-19.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "name":"edk2-devel-202002-19.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-debuginfo-202002-19.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "name":"edk2-debuginfo-202002-19.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-debugsource-202002-19.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "name":"edk2-debugsource-202002-19.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-aarch64-202002-19.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "name":"edk2-aarch64-202002-19.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"python3-edk2-devel-202002-19.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "name":"python3-edk2-devel-202002-19.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-help-202002-19.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "name":"edk2-help-202002-19.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-ovmf-202002-19.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "name":"edk2-ovmf-202002-19.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-202002-19.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "name":"edk2-202002-19.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-devel-202002-19.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "name":"edk2-devel-202002-19.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-debugsource-202002-19.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "name":"edk2-debugsource-202002-19.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"edk2-debuginfo-202002-19.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64", "name":"edk2-debuginfo-202002-19.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2022-36764", "notes":[ { "text":"EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1315" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.0, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2022-36764" }, { "cve":"CVE-2023-45229", "notes":[ { "text":"EDK2 s Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1315" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-45229" }, { "cve":"CVE-2023-45230", "notes":[ { "text":"EDK2 s Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1315" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.3, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2023-45230" }, { "cve":"CVE-2023-45231", "notes":[ { "text":"EDK2 s Network Package is susceptible to an out-of-bounds read vulnerability when processing  Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1315" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-45231" }, { "cve":"CVE-2023-45232", "notes":[ { "text":"EDK2 s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1315" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2023-45232" }, { "cve":"CVE-2023-45233", "notes":[ { "text":"EDK2 s Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1315" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2023-45233" }, { "cve":"CVE-2023-45234", "notes":[ { "text":"EDK2 s Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1315" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.3, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2023-45234" }, { "cve":"CVE-2023-45235", "notes":[ { "text":"EDK2 s Network Package is susceptible to a buffer overflow vulnerability whenhandling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1315" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.3, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:edk2-aarch64-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:python3-edk2-devel-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-help-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-ovmf-202002-19.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:edk2-202002-19.oe2003sp4.src", "openEuler-20.03-LTS-SP4:edk2-devel-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debugsource-202002-19.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:edk2-debuginfo-202002-19.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2023-45235" } ] }