edk2 (2024.02-2ubuntu0.6) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service via excessive time
    - debian/patches/CVE-2023-3446.patch: adds check to prevent the testing
      of an excessively large modulus in DH_check() in
      CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c,
      CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h.
    - CVE-2023-3446
  * SECURITY UPDATE: denial of service via invalid q values
    - debian/patches/CVE-2023-3817.patch: adds check to prevent the testing
      of invalid q values in DH_check() in
      CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c.
    - CVE-2023-3817
  * SECURITY UPDATE: predictable TCP Initial Sequence Number
    - debian/patches/CVE-2023-45236.patch: update TCP ISN generation in
      NetworkPkg/TcpDxe/TcpDriver.c, NetworkPkg/TcpDxe/TcpDxe.inf,
      NetworkPkg/TcpDxe/TcpFunc.h, NetworkPkg/TcpDxe/TcpInput.c,
      NetworkPkg/TcpDxe/TcpMain.h, NetworkPkg/TcpDxe/TcpMisc.c,
      NetworkPkg/TcpDxe/TcpTimer.c.
    - CVE-2023-45236
  * SECURITY UPDATE: predictable TCP Initial Sequence Number
    - debian/patches/CVE-2023-45237.patch: fix use of weak PRNG in
      NetworkPkg/*.
    - CVE-2023-45237
  * SECURITY UPDATE: Excessive time spent in DH check / generation with
    large Q parameter value
    - debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
      DH_generate_key() safer yet in
      CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_err.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_key.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/err/openssl.txt,
      CryptoPkg/Library/OpensslLib/openssl/include/crypto/dherr.h,
      CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h,
      CryptoPkg/Library/OpensslLib/openssl/include/openssl/dherr.h.
    - CVE-2023-5678
  * SECURITY UPDATE: Excessive time spent checking invalid RSA public keys
    - debian/patches/CVE-2023-6237.patch: limit the execution time of RSA
      public key check in
      CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_sp800_56b_check.c.
    - CVE-2023-6237
  * SECURITY UPDATE: PKCS12 Decoding crashes
    - debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
      data can be NULL in
      CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c.
    - CVE-2024-0727
  * SECURITY UPDATE: division-by-zero in S3 sleep
    - debian/patches/CVE-2024-1298.patch: fix potential UINT32 overflow in
      S3 ResumeCount in
      MdeModulePkg/Universal/Acpi/Firmware*/FirmwarePerformancePei.c.
    - CVE-2024-1298
  * SECURITY UPDATE: Timing side-channel in ECDSA signature computation
    - debian/patches/CVE-2024-13176.patch: fix timing side-channel in
      CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c,
      CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h.
    - CVE-2024-13176
  * SECURITY UPDATE: unbounded memory growth
    - debian/patches/CVE-2024-2511.patch: fix unconstrained session cache
      growth in TLSv1.3 in
      CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c,
      CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c,
      CryptoPkg/Library/OpensslLib/openssl/ssl/statem/statem_srvr.c.
    - CVE-2024-2511
  * SECURITY UPDATE: overflow in PeCoffLoaderRelocateImage()
    - debian/patches/CVE-2024-38796.patch: fix overflow issue in
      BasePeCoffLib in MdePkg/Library/BasePeCoffLib/BasePeCoff.c.
    - CVE-2024-38796
  * SECURITY UPDATE: out of bounds read in HashPeImageByType()
    - debian/patches/CVE-2024-38797-1.patch: fix OOB read in
      SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
    - debian/patches/CVE-2024-38797-2.patch: improve logic in
      SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
    - debian/patches/CVE-2024-38797-3.patch: improve logic in
      SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c.
    - CVE-2024-38797
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2024-38805.patch: fix for out of bound memory
      access in NetworkPkg/IScsiDxe/IScsiProto.c.
    - CVE-2024-38805
  * SECURITY UPDATE: use after free with SSL_free_buffers
    - debian/patches/CVE-2024-4741.patch: only free the read buffers if
      we're not using them in
      CryptoPkg/Library/OpensslLib/openssl/ssl/record/rec_layer_s3.c,
      CryptoPkg/Library/OpensslLib/openssl/ssl/record/record.h,
      CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.
    - CVE-2024-4741
  * SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
    - debian/patches/CVE-2024-5535.patch: validate provided client list in
      CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.
    - CVE-2024-5535
  * SECURITY UPDATE: Possible denial of service in X.509 name checks
    - debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related
      name check logic in
      CryptoPkg/Library/OpensslLib/openssl/crypto/x509/v3_utl.c,
      CryptoPkg/Library/OpensslLib/openssl/test/*.
    - CVE-2024-6119
  * SECURITY UPDATE: Low-level invalid GF(2^m) parameters lead to OOB
    memory access
    - debian/patches/CVE-2024-9143.patch: harden BN_GF2m_poly2arr against
      misuse in CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c,
      CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c.
    - CVE-2024-9143
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2025-2295.patch: fix for Remote Memory Exposure in
      ISCSI in NetworkPkg/IScsiDxe/IScsiProto.c.
    - CVE-2025-2295
  * SECURITY UPDATE: code execution via IDT register
    - debian/patches/CVE-2025-3770.patch: safe handling of