PT-2023-8395 · Tianocore+11 · Edk2+11

Doug Flick · Published 2023-08-03 · Updated 2025-11-28 · CVE-2023-45237

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

EDK2 (affected versions not specified)

Description

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number, which an attacker can exploit to gain unauthorized access, potentially leading to a loss of confidentiality. The vulnerability is related to errors in the pseudorandom number generator code when handling the Seed parameter in the NetRandomInitSeed() function of the Tianocore edk2 library. This can allow a remote attacker to gain unauthorized access to protected information or cause a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Weakness Enumeration

Related Identifiers

ALSA-2024:4749
ALSA-2024:5297
ALT-PU-2024-14732
ALT-PU-2024-14734
ALT-PU-2024-14950
AZL-38164
AZL-39220
AZL-39541
BDU:2024-00626
CESA-2024_5297
CVE-2023-45237
GHSA-HC6X-CW6P-GJ7H
INFSA-2024_4749
INFSA-2024_5297
OESA-2024-2301
OPENSUSE-SU-2024:14336-1
OPENSUSE-SU-2025_0407-1
OPENSUSE-SU-2025_0421-1
OPENSUSE-SU-2025_0503-1
RHSA-2024:4419
RHSA-2024:4749
RHSA-2024:5297
RHSA-2024_4749
RHSA-2024_5297
SUSE-SU-2025:0407-1
SUSE-SU-2025:0421-1
SUSE-SU-2025:0503-1
SUSE-SU-2025:0608-1
SUSE-SU-2025:0609-1
SUSE-SU-2025:0690-1
SUSE-SU-2025_0421-1
SUSE-SU-2025_0503-1
USN-7894-1
USN-7894-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Edk2
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu