Insyde Security Advisory 2023066

Insyde ID: INSYDE-SA-2023066
Advisory Category: Software
Impact of Vulnerability: Refer to advisory
Severity Rating: 5.3~8.3
Original Date: 01/16/2024
Last Revised: 01/16/2024

Summary:

VU#132380
Vulnerabilities in EDK2 NetworkPkg IP stack implementation.

Vulnerability Details:

  1. CVE-2023-45229: edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message.
    CVSS: 6.5
    CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  2. CVE-2023-45230: edk2/NetworkPkg: Buffer overflow in the DHCPv6 client via a long Server ID option.
    CVSS: 8.3
    CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
  3. CVE-2023-45231: edk2/NetworkPkg: Out-of-bounds read when handling a ND Redirect message with truncated options.
    CVSS: 6.5
    CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  4. CVE-2023-45232: edk2/NetworkPkg: Infinite loop when parsing unknown options in the Destination Options header.
    CVSS: 7.5
    CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5. CVE-2023-45233: edk2/NetworkPkg: Infinite loop when parsing a PadN option in the Destination Options header.
    CVSS: 7.5
    CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  6. CVE-2023-45234: edk2/NetworkPkg: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
    [InsydeH2O kernel 5.2 and kernel 5.3 prior to 05.31.51 are unaffected].
    CVSS: 8.3
    CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
  7. CVE-2023-45235: edk2/NetworkPkg: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message.
    CVSS: 8.3
    CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
  8. CVE-2023-45236: Predictable TCP ISNs.
    CVSS: 5.8
    CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  9. CVE-2023-45237: Use of a Weak PseudoRandom Number Generator.
    CVSS: 5.3
    CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
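
Items 4 and 5 above are infinite loops while parsing the Destination Options header. The following is an added example, not Insyde or EDK2 code: a bounds-checked walker over the RFC 8200 option format that must advance or return on every pass. The function name, return codes and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Negative return codes; names are chosen for this example. */
#define OPT_TRUNCATED (-1) /* option runs past the end of the options area */
#define OPT_DISCARD   (-2) /* unrecognized option whose type says "discard" */

#define OPT_PAD1 0x00u /* RFC 8200: a single zero octet, no length field */
#define OPT_PADN 0x01u /* RFC 8200: type, length N, then N octets of padding */

/*
 * Walk the options area of a Destination Options header (the bytes after
 * Next Header and Hdr Ext Len). Returns the number of options walked, or a
 * negative OPT_* code. ICMP error generation is left out of this example.
 */
int walk_dest_options(const uint8_t *opts, size_t len)
{
    size_t off = 0; /* wide offset: adding an 8-bit length cannot wrap it */
    int count = 0;
    while (off < len) {
        uint8_t type = opts[off];
        if (type == OPT_PAD1) { /* one octet, always advances */
            off += 1;
            count++;
            continue;
        }
        if (len - off < 2) /* no room for the length octet */
            return OPT_TRUNCATED;
        size_t data_len = opts[off + 1];
        if (data_len > len - off - 2) /* data would run past the buffer */
            return OPT_TRUNCATED;
        /* Only Pad1/PadN are recognized here; otherwise the top two bits
         * of the type pick the action, and 00 means skip the option. */
        if (type != OPT_PADN && (type & 0xC0u) != 0)
            return OPT_DISCARD;
        off += 2 + data_len; /* advances by at least 2 on every pass */
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: PadN with 2 data octets, then two Pad1 octets. */
    const uint8_t sample[] = { 0x01, 0x02, 0x00, 0x00, 0x00, 0x00 };
    printf("options walked: %d\n", walk_dest_options(sample, sizeof sample));
    return 0;
}
```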

Solution Information:
kernel 5.2: Version 05.28.49
kernel 5.3: Version 05.37.49
kernel 5.4: Version 05.45.49
kernel 5.5: Version 05.53.49
kernel 5.6: Version 05.60.49

Notice:
The network stack in InsydeH2O is primarily used for downloading signed OS images to be verified and booted, so the risk posed by CVE-2023-45236 and CVE-2023-45237 is very low and these issues do not require immediate enhancement. Insyde is still evaluating these low-priority issues. Meanwhile, Insyde will watch Tianocore closely for any enhancement.

Revision History:

Revision Date Description
1.0 01/16/2024 Initial Release
1.1 01/16/2024 Updated CVSS for CVE-2023-45232, CVE-2023-45233, CVE-2023-45236, CVE-2023-45237.
