Bug 2284243 (CVE-2024-1298) - CVE-2024-1298 edk2: Temporary DoS vulnerability
Summary: CVE-2024-1298 edk2: Temporary DoS vulnerability
Keywords:
Status: NEW
Alias: CVE-2024-1298
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2284244 2284246 2284247 2284248
Blocks: 2284245
TreeView+ depends on / blocked
 
Reported: 2024-06-02 14:05 UTC by ybuenos
Modified: 2024-08-20 15:49 UTC (History)
0 users

Fixed In Version: edk2 202405
Doc Type: ---
Doc Text:
A divide-by-zero vulnerability was found in edk2. A successful exploit of this vulnerability may lead to a loss of availability.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:4747 0 None None None 2024-07-23 15:28:08 UTC
Red Hat Product Errata RHSA-2024:5297 0 None None None 2024-08-13 15:26:20 UTC
Red Hat Product Errata RHSA-2024:5623 0 None None None 2024-08-20 15:49:47 UTC

Description ybuenos 2024-06-02 14:05:55 UTC
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.

https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53

Comment 1 ybuenos 2024-06-02 14:06:12 UTC
Created edk2 tracking bugs for this issue:

Affects: fedora-all [bug 2284244]

Comment 2 ybuenos 2024-06-02 14:08:50 UTC
Created edk2 tracking bugs for this issue:

Affects: epel-all [bug 2284246]


Created efifs tracking bugs for this issue:

Affects: epel-all [bug 2284247]
Affects: fedora-all [bug 2284248]

Comment 4 errata-xmlrpc 2024-07-23 15:28:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4747 https://access.redhat.com/errata/RHSA-2024:4747

Comment 5 errata-xmlrpc 2024-08-13 15:26:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5297 https://access.redhat.com/errata/RHSA-2024:5297

Comment 6 errata-xmlrpc 2024-08-20 15:49:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:5623 https://access.redhat.com/errata/RHSA-2024:5623


Note You need to log in before you can comment on or make changes to this bug.