Launchpad CVE tracker

CVE 2023-45232

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Related bugs and status

CVE-2023-45232 (Candidate) is related to these bugs:

Bug #2040137: exposing the EFI shell in Secure Boot mode can lead to security bypass

		In	Importance	Status
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Focal)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Focal)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Noble)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Noble)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Jammy)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Jammy)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Mantic)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Mantic)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-45232

References