Bug 1971724 (CVE-2021-28213)

| Field | Value |
|---|---|
| Summary | CVE-2021-28213 edk2: encrypted private key in the IpSecDxe.efi present potential security risks |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Guilherme de Almeida Suckevicz <gsuckevi> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | berrange, crobinso, kraxel, lersek, pbonzini, philmd, virt-maint, virt-maint |
| Keywords | Security |
| Last Closed | 2021-07-02 19:45:58 UTC |
| Bug Depends On | 1971725, 1971726 |
| Bug Blocks | 1971727 |

Description
Guilherme de Almeida Suckevicz
2021-06-14 16:33:31 UTC

Created edk2 tracking bugs for this issue:

Affects: epel-7 [bug 1971725]
Affects: fedora-all [bug 1971726]

Hello Guilherme,

IpSecDxe is not included in any firmware binary we ship, in any Fedora or RHEL release. (IpSecDxe is not included in any ArmVirtPkg or OvmfPkg platform even upstream.)

Thanks,
Laszlo

(In fact, upstream edk2 removed the ipsec driver altogether, in commit d55d9d066436 ("NetworkPkg: Remove IpSec driver and application", 2019-04-29); for TianoCore#1697.)

As mentioned by Laszlo, IpSecDxe was removed back in 2019 from edk2. Both Red Hat Enterprise 8 version is newer than the version where the commit was introduced and doesn't ship the affected component.