Package "ovmf-ia32"
Name: ovmf-ia32
Description: UEFI firmware for 32-bit x86 virtual machines
Latest version: 2025.02-3ubuntu2.2
Release: plucky (25.04)
Level: security
Repository: universe
Head package: edk2
Homepage: http://www.tianocore.org
Changelog
edk2 (2025.02-3ubuntu2.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Timing side-channel in ECDSA signature computation
    - debian/patches/CVE-2024-13176.patch: fix timing side-channel in
      CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c,
      CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h.
    - CVE-2024-13176
  * SECURITY UPDATE: out of bounds read in HashPeImageByType()
    - debian/patches/CVE-2024-38797-1.patch: fix OOB read in
      SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
    - debian/patches/CVE-2024-38797-2.patch: improve logic in
      SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
    - debian/patches/CVE-2024-38797-3.patch: improve logic in
      SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c.
    - CVE-2024-38797
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2024-38805.patch: fix for out of bound memory
      access in NetworkPkg/IScsiDxe/IScsiProto.c.
    - CVE-2024-38805
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2025-2295.patch: fix for Remote Memory Exposure in
      ISCSI in NetworkPkg/IScsiDxe/IScsiProto.c.
    - CVE-2025-2295
  * SECURITY UPDATE: code execution via IDT register
    - debian/patches/CVE-2025-3770.patch: safe handling of IDT register on
      SMM entry in UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm.
    - CVE-2025-3770
  * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling
    - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte
      in CryptoPkg/Library/OpensslLib/openssl/crypto/http/http_lib.c.
    - CVE-2025-9232

 -- Marc Deslauriers <email address hidden>  Wed, 08 Oct 2025 09:55:35 -0400

CVE-2024-13176: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summ
CVE-2024-38797: EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via
CVE-2024-38805: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vu
CVE-2025-2295: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vu
CVE-2025-3770: EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vul
CVE-2025-9232: Out-of-bounds read in HTTP client no_proxy handling