{"schema_version":"1.7.2","id":"OESA-2024-2550","modified":"2024-12-13T13:18:54Z","published":"2024-12-13T13:18:54Z","upstream":["CVE-2023-20584","CVE-2023-31356"],"summary":"linux-firmware security update","details":"This package contains firmware images required by some devices.\r\n\r\nSecurity Fix(es):\r\n\r\nIOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised Hypervisor to\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity.(CVE-2023-20584)\r\n\r\nIncomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity.(CVE-2023-31356)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"linux-firmware","purl":"pkg:rpm/openEuler/linux-firmware\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20241017-1.oe2203sp1"}]}],"ecosystem_specific":{"noarch":["linux-firmware-20241017-1.oe2203sp1.noarch.rpm","linux-firmware-ath-20241017-1.oe2203sp1.noarch.rpm","linux-firmware-cypress-20241017-1.oe2203sp1.noarch.rpm","linux-firmware-iwlwifi-20241017-1.oe2203sp1.noarch.rpm","linux-firmware-libertas-20241017-1.oe2203sp1.noarch.rpm","linux-firmware-mediatek-20241017-1.oe2203sp1.noarch.rpm","linux-firmware-mrvl-20241017-1.oe2203sp1.noarch.rpm","linux-firmware-netronome-20241017-1.oe2203sp1.noarch.rpm","linux-firmware-ti-connectivity-20241017-1.oe2203sp1.noarch.rpm"],"src":["linux-firmware-20241017-1.oe2203sp1.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2550"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-20584"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31356"}],"database_specific":{"severity":"Medium"}}