Description
ELSA-2025-28047: edk2 security update (IMPORTANT)
[20250905-4]
- Create new 20250905 release for OL9 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access [Orabug: 38381983] {CVE-2025-3770}
- EDK2: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means [Orabug: 38382190] {CVE-2024-38805}
- EDK2: EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent network [Orabug: 38382286] {CVE-2024-38797}
- EDK2: Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. [Orabug: 38413860] {CVE-2024-36331}
- Update to OpenSSL 3.5.1 which includes the following fixed CVEs: {CVE-2025-4575} {CVE-2024-12797} {CVE-2024-13176} {CVE-2024-12797} {CVE-2024-13176} {CVE-2024-9143}
Updated packages
Oracle Linux 9
Oracle Linux aarch64: edk2-aarch64 20250905-4.el9
Oracle Linux x86_64: edk2-ovmf 20250905-4.el9
Related vulnerabilities
Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.