{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"edk2 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for edk2 is now available for openEuler-22.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\n\nSecurity Fix(es):\n\nIssue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.(CVE-2024-13176)\n\nIssue summary: Calling the OpenSSL API function SSL_free_buffers may cause\nmemory to be accessed that was previously freed in some situations\n\nImpact summary: A use after free can have a range of potential consequences such\nas the corruption of valid data, crashes or execution of arbitrary code.\nHowever, only applications that directly call the SSL_free_buffers function are\naffected by this issue. Applications that do not call this function are not\nvulnerable. Our investigations indicate that this function is rarely used by\napplications.\n\nThe SSL_free_buffers function is used to free the internal OpenSSL buffer used\nwhen processing an incoming record from the network. The call is only expected\nto succeed if the buffer is not currently in use. However, two scenarios have\nbeen identified where the buffer is freed even when still in use.\n\nThe first scenario occurs where a record header has been received from the\nnetwork and processed by OpenSSL, but the full record body has not yet arrived.\nIn this case calling SSL_free_buffers will succeed even though a record has only\nbeen partially processed and the buffer is still in use.\n\nThe second scenario occurs where a full record containing application data has\nbeen received and processed by OpenSSL but the application has only read part of\nthis data. Again a call to SSL_free_buffers will succeed even though the buffer\nis still in use.\n\nWhile these scenarios could occur accidentally during normal operation a\nmalicious attacker could attempt to engineer a stituation where this occurs.\nWe are not aware of this issue being actively exploited.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-4741)", "category":"general", "title":"Description" }, { "text":"An update for edk2 is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"edk2", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1190", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1190" }, { "summary":"CVE-2024-13176", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-13176&packageName=edk2" }, { "summary":"CVE-2024-4741", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-4741&packageName=edk2" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-13176" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4741" }, { "summary":"openEuler-SA-2025-1190 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1190.json" } ], "title":"An update for edk2 is now available for openEuler-22.03-LTS-SP4", "tracking":{ "initial_release_date":"2025-03-04T15:58:26+08:00", "revision_history":[ { "date":"2025-03-04T15:58:26+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-03-04T15:58:26+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-03-04T15:58:26+08:00", "id":"openEuler-SA-2025-1190", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-202011-23.oe2203sp4.src.rpm", "name":"edk2-202011-23.oe2203sp4.src.rpm" }, "name":"edk2-202011-23.oe2203sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-aarch64-202011-23.oe2203sp4.noarch.rpm", "name":"edk2-aarch64-202011-23.oe2203sp4.noarch.rpm" }, "name":"edk2-aarch64-202011-23.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-help-202011-23.oe2203sp4.noarch.rpm", "name":"edk2-help-202011-23.oe2203sp4.noarch.rpm" }, "name":"edk2-help-202011-23.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-ovmf-202011-23.oe2203sp4.noarch.rpm", "name":"edk2-ovmf-202011-23.oe2203sp4.noarch.rpm" }, "name":"edk2-ovmf-202011-23.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-edk2-devel-202011-23.oe2203sp4.noarch.rpm", "name":"python3-edk2-devel-202011-23.oe2203sp4.noarch.rpm" }, "name":"python3-edk2-devel-202011-23.oe2203sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-debuginfo-202011-23.oe2203sp4.aarch64.rpm", "name":"edk2-debuginfo-202011-23.oe2203sp4.aarch64.rpm" }, "name":"edk2-debuginfo-202011-23.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-debugsource-202011-23.oe2203sp4.aarch64.rpm", "name":"edk2-debugsource-202011-23.oe2203sp4.aarch64.rpm" }, "name":"edk2-debugsource-202011-23.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-devel-202011-23.oe2203sp4.aarch64.rpm", "name":"edk2-devel-202011-23.oe2203sp4.aarch64.rpm" }, "name":"edk2-devel-202011-23.oe2203sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-debuginfo-202011-23.oe2203sp4.x86_64.rpm", "name":"edk2-debuginfo-202011-23.oe2203sp4.x86_64.rpm" }, "name":"edk2-debuginfo-202011-23.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-debugsource-202011-23.oe2203sp4.x86_64.rpm", "name":"edk2-debugsource-202011-23.oe2203sp4.x86_64.rpm" }, "name":"edk2-debugsource-202011-23.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"edk2-devel-202011-23.oe2203sp4.x86_64.rpm", "name":"edk2-devel-202011-23.oe2203sp4.x86_64.rpm" }, "name":"edk2-devel-202011-23.oe2203sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-202011-23.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-202011-23.oe2203sp4.src", "name":"edk2-202011-23.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-aarch64-202011-23.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-aarch64-202011-23.oe2203sp4.noarch", "name":"edk2-aarch64-202011-23.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-help-202011-23.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-help-202011-23.oe2203sp4.noarch", "name":"edk2-help-202011-23.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-ovmf-202011-23.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-ovmf-202011-23.oe2203sp4.noarch", "name":"edk2-ovmf-202011-23.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-edk2-devel-202011-23.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-23.oe2203sp4.noarch", "name":"python3-edk2-devel-202011-23.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-debuginfo-202011-23.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.aarch64", "name":"edk2-debuginfo-202011-23.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-debugsource-202011-23.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.aarch64", "name":"edk2-debugsource-202011-23.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-devel-202011-23.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.aarch64", "name":"edk2-devel-202011-23.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-debuginfo-202011-23.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.x86_64", "name":"edk2-debuginfo-202011-23.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-debugsource-202011-23.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.x86_64", "name":"edk2-debugsource-202011-23.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"edk2-devel-202011-23.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.x86_64", "name":"edk2-devel-202011-23.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-13176", "notes":[ { "text":"Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:edk2-202011-23.oe2203sp4.src", "openEuler-22.03-LTS-SP4:edk2-aarch64-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-help-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-ovmf-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:edk2-202011-23.oe2203sp4.src", "openEuler-22.03-LTS-SP4:edk2-aarch64-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-help-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-ovmf-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1190" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.1, "vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:edk2-202011-23.oe2203sp4.src", "openEuler-22.03-LTS-SP4:edk2-aarch64-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-help-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-ovmf-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-13176" }, { "cve":"CVE-2024-4741", "notes":[ { "text":"Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause\nmemory to be accessed that was previously freed in some situations\n\nImpact summary: A use after free can have a range of potential consequences such\nas the corruption of valid data, crashes or execution of arbitrary code.\nHowever, only applications that directly call the SSL_free_buffers function are\naffected by this issue. Applications that do not call this function are not\nvulnerable. Our investigations indicate that this function is rarely used by\napplications.\n\nThe SSL_free_buffers function is used to free the internal OpenSSL buffer used\nwhen processing an incoming record from the network. The call is only expected\nto succeed if the buffer is not currently in use. However, two scenarios have\nbeen identified where the buffer is freed even when still in use.\n\nThe first scenario occurs where a record header has been received from the\nnetwork and processed by OpenSSL, but the full record body has not yet arrived.\nIn this case calling SSL_free_buffers will succeed even though a record has only\nbeen partially processed and the buffer is still in use.\n\nThe second scenario occurs where a full record containing application data has\nbeen received and processed by OpenSSL but the application has only read part of\nthis data. Again a call to SSL_free_buffers will succeed even though the buffer\nis still in use.\n\nWhile these scenarios could occur accidentally during normal operation a\nmalicious attacker could attempt to engineer a stituation where this occurs.\nWe are not aware of this issue being actively exploited.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:edk2-202011-23.oe2203sp4.src", "openEuler-22.03-LTS-SP4:edk2-aarch64-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-help-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-ovmf-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:edk2-202011-23.oe2203sp4.src", "openEuler-22.03-LTS-SP4:edk2-aarch64-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-help-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-ovmf-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.x86_64" ], "details":"edk2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1190" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:edk2-202011-23.oe2203sp4.src", "openEuler-22.03-LTS-SP4:edk2-aarch64-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-help-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-ovmf-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-edk2-devel-202011-23.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:edk2-debuginfo-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-debugsource-202011-23.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:edk2-devel-202011-23.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-4741" } ] }