Bug 2315390 (CVE-2024-38796)

Summary: CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2315597, 2315598    
Bug Blocks:    

Description OSIDB Bzimport 2024-09-27 22:20:34 UTC 
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
Comment 1 errata-xmlrpc 2024-11-19 00:22:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:9930 https://access.redhat.com/errata/RHSA-2024:9930
Comment 2 errata-xmlrpc 2024-11-19 00:45:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:9946 https://access.redhat.com/errata/RHSA-2024:9946
Comment 3 errata-xmlrpc 2024-11-19 01:26:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2024:9921 https://access.redhat.com/errata/RHSA-2024:9921
Comment 4 errata-xmlrpc 2024-11-19 01:32:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:9956 https://access.redhat.com/errata/RHSA-2024:9956
Comment 5 errata-xmlrpc 2024-11-26 00:25:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:10272 https://access.redhat.com/errata/RHSA-2024:10272
Comment 6 errata-xmlrpc 2024-11-26 00:35:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:10268 https://access.redhat.com/errata/RHSA-2024:10268
Comment 7 errata-xmlrpc 2024-12-17 01:05:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:11194 https://access.redhat.com/errata/RHSA-2024:11194
Comment 8 errata-xmlrpc 2024-12-17 03:04:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:11185 https://access.redhat.com/errata/RHSA-2024:11185
Comment 9 errata-xmlrpc 2024-12-17 11:01:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:11219 https://access.redhat.com/errata/RHSA-2024:11219