USN-6638-1: EDK II vulnerabilities

Read Time:50 Second

Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the
local network could potentially use this to impact availability or possibly
cause remote code execution. (CVE-2022-36763, CVE-2022-36764,
CVE-2022-36765)

It was discovered that a buffer overflows exists in EDK2’s Network Package
An attacker on the local network could potentially use these to impact
availability or possibly cause remote code execution. (CVE-2023-45230,
CVE-2023-45234, CVE-2023-45235)

It was discovered that an out-of-bounds read exists in EDK2’s Network
Package An attacker on the local network could potentially use this to
impact confidentiality. (CVE-2023-45231)

It was discovered that infinite-loops exists in EDK2’s Network Package
An attacker on the local network could potentially use these to impact
availability. (CVE-2023-45232, CVE-2023-45233)

Mate Kukri discovered that an insecure default to allow UEFI Shell in
EDK2 was left enabled in Ubuntu’s EDK2. An attacker could use this to
bypass Secure Boot. (CVE-2023-48733)

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know

USN-6638-1: EDK II vulnerabilities

stb-0-0.50.20241002git31707d1.el8

USN-7169-5: Linux kernel (Real-time) vulnerabilities

stb-0^20241002git31707d1-4.el9

stb-0^20241002git31707d1-5.el10_0

stb-0^20241002git31707d1-4.fc40

ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability