RockyLinux 9 : edk2 (RLSA-2024:9088)

🗓️ 19 Mar 2025 00:00:00Reported by TenableType

RockyLinux 9 has packages vulnerable to multiple issues including denial of service and key validation flaws.

Reporter	Title	Published	Views	Family All 618
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase	15 Jul 202413:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway vulnerable to DOS in OpenSSL (CVE-2024-0727)	14 May 202416:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by denial of service due to Python cryptography package	1 Apr 202609:46	–	ibm
IBM Security Bulletins	Security Bulletin: vulnerability in OpenSSL affects IBM Workload Scheduler.	3 Sep 202422:46	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.	12 Mar 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.	19 Nov 202420:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a denial of service	13 May 202423:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Base OS issues	15 Apr 202503:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.7 is vulnerable to multiple Base OS issues	15 Apr 202503:13	–	ibm
IBM Security Bulletins	Security Bulletin: Denial of service vulnerabilities in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition	30 May 202418:50	–	ibm

Source	Link
errata	www.errata.rockylinux.org/RLSA-2024:9088
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2024:9088.
##

include('compat.inc');

if (description)
{
  script_id(232942);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/19");

  script_cve_id(
    "CVE-2023-6129",
    "CVE-2023-6237",
    "CVE-2024-0727",
    "CVE-2024-1298"
  );
  script_xref(name:"RLSA", value:"2024:9088");

  script_name(english:"RockyLinux 9 : edk2 (RLSA-2024:9088)");

  script_set_attribute(attribute:"synopsis", value:
"The remote RockyLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2024:9088 advisory.

    * mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)

    * openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

    * openssl: denial of service via null dereference (CVE-2024-0727)

    * edk2: Temporary DoS vulnerability (CVE-2024-1298)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2024:9088");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2257571");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258502");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2259944");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2284243");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-6129");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:edk2-aarch64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:edk2-ovmf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:edk2-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:edk2-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:edk2-tools-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:9");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Rocky Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'RockyLinux 9.x', 'Rocky Linux ' + os_ver);

if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);

var pkgs = [
    {'reference':'edk2-aarch64-20240524-6.el9_5.3', 'release':'9', 'el_string':'el9_5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-ovmf-20240524-6.el9_5.3', 'release':'9', 'el_string':'el9_5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-20240524-6.el9_5.3', 'cpu':'aarch64', 'release':'9', 'el_string':'el9_5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-20240524-6.el9_5.3', 'cpu':'x86_64', 'release':'9', 'el_string':'el9_5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-debuginfo-20240524-6.el9_5.3', 'cpu':'aarch64', 'release':'9', 'el_string':'el9_5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-debuginfo-20240524-6.el9_5.3', 'cpu':'x86_64', 'release':'9', 'el_string':'el9_5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-doc-20240524-6.el9_5.3', 'release':'9', 'el_string':'el9_5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'edk2-aarch64 / edk2-ovmf / edk2-tools / edk2-tools-debuginfo / etc');
}

19 Mar 2025 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5

EPSS0.03174

SSVC