AZL-42337 CVE-2024-1298 affecting package hvloader for versions less than 1.0.1-3

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability...

AZL-39541 CVE-2023-45237 affecting package hvloader for versions less than 1.0.1-3

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...