UbuntuUpdates.org

Package "edk2"

Name: edk2

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • UEFI Shell for 64-bit ARM architecture
  • UEFI Shell for 32-bit ARM architecture
  • UEFI Shell for 32-bit x86 architecture
  • UEFI Shell for 64-bit LoongArch architecture

Latest version: 2025.02-3ubuntu2.2
Release: plucky (25.04)
Level: updates
Repository: universe

Other versions of "edk2" in Plucky

| Repository | Area     | Version            |
|------------|----------|--------------------|
| base       | main     | 2025.02-3ubuntu2   |
| base       | universe | 2025.02-3ubuntu2   |
| security   | main     | 2025.02-3ubuntu2.2 |
| security   | universe | 2025.02-3ubuntu2.2 |
| updates    | main     | 2025.02-3ubuntu2.2 |

Changelog

Version: 2025.02-3ubuntu2.2 2025-11-27 11:15:47 UTC

  edk2 (2025.02-3ubuntu2.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Timing side-channel in ECDSA signature computation
    - debian/patches/CVE-2024-13176.patch: fix timing side-channel in
      CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c,
      CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c,
      CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h.
    - CVE-2024-13176
  * SECURITY UPDATE: out of bounds read in HashPeImageByType()
    - debian/patches/CVE-2024-38797-1.patch: fix OOB read in
      SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
    - debian/patches/CVE-2024-38797-2.patch: improve logic in
      SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c.
    - debian/patches/CVE-2024-38797-3.patch: improve logic in
      SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c.
    - CVE-2024-38797
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2024-38805.patch: fix for out of bound memory
      access in NetworkPkg/IScsiDxe/IScsiProto.c.
    - CVE-2024-38805
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2025-2295.patch: fix for Remote Memory Exposure in
      ISCSI in NetworkPkg/IScsiDxe/IScsiProto.c.
    - CVE-2025-2295
  * SECURITY UPDATE: code execution via IDT register
    - debian/patches/CVE-2025-3770.patch: safe handling of IDT register on
      SMM entry in UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm.
    - CVE-2025-3770
  * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling
    - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte
      in CryptoPkg/Library/OpensslLib/openssl/crypto/http/http_lib.c.
    - CVE-2025-9232

 -- Marc Deslauriers <email address hidden> Wed, 08 Oct 2025 09:55:35 -0400

CVE-2024-13176 Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summ
CVE-2024-38797 EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via
CVE-2024-38805 EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vu
CVE-2025-2295 EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vu
CVE-2025-3770 EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vul
CVE-2025-9232 Out-of-bounds read in HTTP client no_proxy handling

Version: 2025.02-3ubuntu2.1 2025-08-20 23:22:15 UTC

  edk2 (2025.02-3ubuntu2.1) plucky; urgency=medium

  * d/rules: Build OVMF.amdsev.fd (LP: #2106771)
  * d/descriptors: Add amd-sev JSON
  * d/ovmf.README.Debian: Mention OVMF.amdsev.fd firmware

 -- Lukas Märdian <email address hidden> Wed, 30 Jul 2025 10:00:21 +0200

2106771 Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd


