CVE-2023-45236
EUVD-2023-4954216.01.2024, 16:15
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tianocore | edk2 | 𝑥 ≤ 202311 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||
|---|---|---|---|---|---|
| ovmf-202202 |
| ||||
| ovmf-202208 |
| ||||
| ovmf-202308 |
| ||||
| ovmf-202408 |
| ||||
| ovmf-tools-202202 |
| ||||
| ovmf-tools-202208 |
| ||||
| ovmf-tools-202308 |
| ||||
| ovmf-tools-202408 |
| ||||
| qemu-ovmf-x86_64-202202 |
| ||||
| qemu-ovmf-x86_64-202208 |
| ||||
| qemu-ovmf-x86_64-202308 |
| ||||
| qemu-ovmf-x86_64-202408 |
| ||||
| qemu-uefi-aarch64-202202 |
| ||||
| qemu-uefi-aarch64-202208 |
| ||||
| qemu-uefi-aarch64-202308 |
| ||||
| qemu-uefi-aarch64-202408 |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
References