Launchpad CVE tracker

CVE 2023-45235

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Related bugs and status

CVE-2023-45235 (Candidate) is related to these bugs:

Bug #2040137: exposing the EFI shell in Secure Boot mode can lead to security bypass

		In	Importance	Status
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Focal)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Focal)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Noble)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Noble)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Jammy)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Jammy)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Mantic)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Mantic)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-45235

References