{"schema_version":"1.7.2","id":"OESA-2025-1192","modified":"2025-02-28T15:32:53Z","published":"2025-02-28T15:32:53Z","upstream":["CVE-2023-5363","CVE-2024-13176","CVE-2024-4741"],"summary":"edk2 security update","details":"EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\n\nIssue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths.  This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established.  Any alterations to the key length,\nvia the \u0026quot;keylen\u0026quot; parameter or the IV length, via the \u0026quot;ivlen\u0026quot; parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values.  The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality.  For example, when following NIST\u0026apos;s SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception.  However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.(CVE-2023-5363)\n\nIssue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.(CVE-2024-13176)\n\nIssue summary: Calling the OpenSSL API function SSL_free_buffers may cause\nmemory to be accessed that was previously freed in some situations\n\nImpact summary: A use after free can have a range of potential consequences such\nas the corruption of valid data, crashes or execution of arbitrary code.\nHowever, only applications that directly call the SSL_free_buffers function are\naffected by this issue. Applications that do not call this function are not\nvulnerable. Our investigations indicate that this function is rarely used by\napplications.\n\nThe SSL_free_buffers function is used to free the internal OpenSSL buffer used\nwhen processing an incoming record from the network. The call is only expected\nto succeed if the buffer is not currently in use. However, two scenarios have\nbeen identified where the buffer is freed even when still in use.\n\nThe first scenario occurs where a record header has been received from the\nnetwork and processed by OpenSSL, but the full record body has not yet arrived.\nIn this case calling SSL_free_buffers will succeed even though a record has only\nbeen partially processed and the buffer is still in use.\n\nThe second scenario occurs where a full record containing application data has\nbeen received and processed by OpenSSL but the application has only read part of\nthis data. Again a call to SSL_free_buffers will succeed even though the buffer\nis still in use.\n\nWhile these scenarios could occur accidentally during normal operation a\nmalicious attacker could attempt to engineer a stituation where this occurs.\nWe are not aware of this issue being actively exploited.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-4741)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"edk2","purl":"pkg:rpm/openEuler/edk2\u0026distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"202308-18.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["edk2-debuginfo-202308-18.oe2403sp1.aarch64.rpm","edk2-debugsource-202308-18.oe2403sp1.aarch64.rpm","edk2-devel-202308-18.oe2403sp1.aarch64.rpm"],"noarch":["edk2-aarch64-202308-18.oe2403sp1.noarch.rpm","edk2-help-202308-18.oe2403sp1.noarch.rpm","edk2-ovmf-202308-18.oe2403sp1.noarch.rpm","python3-edk2-devel-202308-18.oe2403sp1.noarch.rpm"],"src":["edk2-202308-18.oe2403sp1.src.rpm"],"x86_64":["edk2-debuginfo-202308-18.oe2403sp1.x86_64.rpm","edk2-debugsource-202308-18.oe2403sp1.x86_64.rpm","edk2-devel-202308-18.oe2403sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1192"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5363"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-13176"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4741"}],"database_specific":{"severity":"High"}}