Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023066

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

5.3~8.3

2024-01-16

2024-01-16

Summary

VU#132380
Vulnerabilities in EDK2 NetworkPkg IP stack implementation.

Vulnerability Details

CVSS Vector: Multiple

    1. CVE-2023-45229: edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message.
      CVSS: 6.5
      CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    2. CVE-2023-45230: edk2/NetworkPkg: Buffer overflow in the DHCPv6 client via a long Server ID option.
      CVSS: 8.3
      CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
    3. CVE-2023-45231: edk2/NetworkPkg: Out-of-bounds read when handling a ND Redirect message with truncated options.
      CVSS: 6.5
      CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    4. CVE-2023-45232: edk2/NetworkPkg: Infinite loop when parsing unknown options in the Destination Options header.
      CVSS: 7.5
      CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    5. CVE-2023-45233: edk2/NetworkPkg: Infinite loop when parsing a PadN option in the Destination Options header.
      CVSS: 7.5
      CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    6. CVE-2023-45234: edk2/NetworkPkg: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
      [InsydeH2O kernel 5.2 and Kernel 5.3 prioir to 05.31.51 are unaffected].
      CVSS: 8.3
      CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
    7. CVE-2023-45235: edk2/NetworkPkg: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message.
      CVSS: 8.3
      CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
    8. CVE-2023-45236: Predictable TCP ISNs.
      CVSS: 5.8
      CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
    9. CVE-2023-45237: Use of a Weak PseudoRandom NumberGenerator.
      CVSS: 5.3
      CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution Information

kernel 5.2: Version 05.28.49
kernel 5.3: Version 05.37.49
kernel 5.4: Version 05.45.49
kernel 5.5: Version 05.53.49
kernel 5.6: Version 05.60.49

Acknowledgements

Revision History

Revision #

Date

Description

1

2024-01-16

Initial Release

1.1

2024-01-16

Updated CVSS for CVE-2023-45232, CVE-2023-45233, CVE-2023-45236, CVE-2023-45237