Home » Red Hat edk2 is weak: The vulnerability permits unspecified assaults

Red Hat edk2 is weak: The vulnerability permits unspecified assaults

by admin
Red Hat edk2 is weak: The vulnerability permits unspecified assaults

The safety alert issued for Red Hat edk2 has obtained an replace from BSI. You can examine which working techniques and merchandise are affected by the safety hole right here at information.de.

Federal workplace for Security on Information Technology (BSI) issued an replace on June 4, 2024 relating to the Red Hat edk2 safety vulnerability recognized on April 28, 2020. The safety vulnerability impacts the Linux working system and merchandise Debian Linux, Red Hat Enterprise Linux and Oracle Linux.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Oracle Linux Security Advisory ELSA-2024-12408 (As of June 5, 2024). Some helpful sources are listed later on this article.

Red Hat edk2 Security Advisory – Risk: Medium

Risk degree: 3 (average)
CVSS Base Score: 6.4
CVSS interim rating: 5,6
Remote assault: No

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in laptop techniques. The CVSS normal makes it doable to check potential or precise safety dangers based mostly on numerous metrics in an effort to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally bear in mind adjustments over time within the threat scenario. The severity of the vulnerability mentioned right here is classed as “average” based on the CVSS with a base rating of 6.4.

See also  Russian hackers attack Italy after Meloni's visit to Ukraine

Red Hat edk2 Bug: Vulnerability permits unspecified assaults

Red Hat Enterprise Linux (RHEL) is a well-liked Linux distribution.

An area attacker may exploit a vulnerability in Red Hat edk2 to carry out an unspecified assault.

Vulnerabilities had been labeled utilizing the CVE (Common Vulnerability and Exposure) designation system for every serial quantity CVE-2019-14563.

Systems affected by the safety hole at a look

working system
Linux

Products
Debian Linux (cpe:/o:debian:debian_linux)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Oracle Linux (cpe:/o:oracle:linux)

General steps for coping with IT vulnerabilities

  1. Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
  2. For data, see the sources listed within the subsequent part. This usually accommodates extra details about the most recent model of the software program in query and the provision of safety patches or efficiency ideas.
  3. If you might have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to usually verify the desired sources to see if a brand new safety replace is offered.

Sources for updates, patches and workarounds

Here you can find some hyperlinks with details about bug stories, safety fixes and workarounds.

Oracle Linux Security Advisory ELSA-2024-12408 vom 2024-06-05 (04.06.2024)
For extra data, see:

Debian Security Advisory DLA-2645 vom 2021-04-29 (29.04.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2020:3194 vom 2020-07-28 (28.07.2020)
For extra data, see:

Red Hat Security Advisory RHSA-2020:1712 vom 2020-04-28 (28.04.2020)
For extra data, see:

See also  The coal region is transforming into a center for renewable energies

Version historical past of this safety alert

This is model 5 of this Red Hat IT safety bulletin edk2. This doc shall be up to date as extra updates are introduced. You can see the adjustments made utilizing the model historical past under.

April 28, 2020 – First model
May 3, 2020 – References added: USN-4349-1
July 28, 2020 – New updates from Red Hat have been added
April 29, 2021 – New updates from Debian added
June 4, 2024 – New Oracle Linux updates added

+++ Editorial be aware: This doc is predicated on present BSI knowledge and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you can find sizzling information, present movies and a direct line to the editorial workforce.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy