rhsa-2019_2125
Vulnerability from csaf_redhat
Published
2019-08-06 12:11
Modified
2024-09-16 02:06
Summary
Red Hat Security Advisory: ovmf security and enhancement update
Notes
Topic
An update for ovmf is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
* edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)
* edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)
* edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)
* edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)
* edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)
* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)
* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)
* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.\n\nSecurity Fix(es):\n\n* edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)\n\n* edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)\n\n* edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)\n\n* edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)\n\n* edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)\n\n* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)\n\n* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2125",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"category": "external",
"summary": "1641433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433"
},
{
"category": "external",
"summary": "1641442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442"
},
{
"category": "external",
"summary": "1641446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446"
},
{
"category": "external",
"summary": "1641450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450"
},
{
"category": "external",
"summary": "1641458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458"
},
{
"category": "external",
"summary": "1641465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1686783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783"
},
{
"category": "external",
"summary": "1691640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640"
},
{
"category": "external",
"summary": "1694065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_2125.json"
}
],
"title": "Red Hat Security Advisory: ovmf security and enhancement update",
"tracking": {
"current_release_date": "2024-09-16T02:06:50+00:00",
"generator": {
"date": "2024-09-16T02:06:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2019:2125",
"initial_release_date": "2019-08-06T12:11:30+00:00",
"revision_history": [
{
"date": "2019-08-06T12:11:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-06T12:11:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T02:06:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"product": {
"name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"product_id": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/OVMF@20180508-6.gitee3198e672e2.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
"product": {
"name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
"product_id": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovmf@20180508-6.gitee3198e672e2.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch"
},
"product_reference": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
},
"product_reference": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
"relates_to_product_reference": "7Server-7.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5731",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641442"
}
],
"notes": [
{
"category": "description",
"text": "Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via processing of malformed files in TianoCompress.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5731"
},
{
"category": "external",
"summary": "RHBZ#1641442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5731",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via processing of malformed files in TianoCompress.c"
},
{
"cve": "CVE-2017-5732",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641446"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5732"
},
{
"category": "external",
"summary": "RHBZ#1641446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5732",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c"
},
{
"cve": "CVE-2017-5733",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641450"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5733"
},
{
"category": "external",
"summary": "RHBZ#1641450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5733",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function"
},
{
"cve": "CVE-2017-5734",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641458"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5734"
},
{
"category": "external",
"summary": "RHBZ#1641458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5734",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function"
},
{
"cve": "CVE-2017-5735",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641465"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5735"
},
{
"category": "external",
"summary": "RHBZ#1641465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function"
},
{
"cve": "CVE-2018-3613",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641433"
}
],
"notes": [
{
"category": "description",
"text": "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-3613"
},
{
"category": "external",
"summary": "RHBZ#1641433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users"
},
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2018-12181",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2019-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686783"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16(2^4) or 256(2^8) colors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Stack buffer overflow with corrupted BMP",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12181"
},
{
"category": "external",
"summary": "RHBZ#1686783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Stack buffer overflow with corrupted BMP"
},
{
"cve": "CVE-2019-0160",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2019-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1691640"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows were discovered in UDF-related codes under MdeModulePkg\\Universal\\Disk\\PartitionDxe\\Udf.c and MdeModulePkg\\Universal\\Disk\\UdfDxe, which could be triggered with long file names or invalid formatted UDF media.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0160"
},
{
"category": "external",
"summary": "RHBZ#1691640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media"
},
{
"cve": "CVE-2019-0161",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694065"
}
],
"notes": [
{
"category": "description",
"text": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: stack overflow in XHCI causing denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0161"
},
{
"category": "external",
"summary": "RHBZ#1694065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
}
],
"release_date": "2018-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: stack overflow in XHCI causing denial of service"
}
]
}
Loading...