edk2 security, bug fix, and enhancement update

2023-05-1500:00:00

linux.oracle.com

amd sev

dynamic mmio window

openssl updates

arm

aarch64

rebase

cve-2023-0286

cve-2022-4304

cve-2023-0215

cve-2022-4450

smm privilege escalation

qemuvideodxe fix

0.004 Low

EPSS

Percentile

74.2%

JSON

[20221207gitfff6d81270b5-9]

edk2-remove-amd-sev-feature-flag-from-secure-boot-builds-.patch [bz#2169247]
Resolves: bz#2169247
([edk2] Install a sev guest with enrolled secure boot failed)
[20221207gitfff6d81270b5-8]
edk2-OvmfPkg-disable-dynamic-mmio-window-rhel-only.patch [bz#2174605]
Resolves: bz#2174605
([EDK2] disable dynamic mmio window)
[20221207gitfff6d81270b5-7]
edk2-Revert-MdeModulePkg-TerminalDxe-add-other-text-resol.patch [bz#2162307]
Resolves: bz#2162307
(Broken GRUB output on a serial console)
[20221207gitfff6d81270b5-6]
edk2-update-build-script-rhel-only.patch [bz#2168046]
edk2-update-build-config-rhel-only.patch [bz#2168046]
edk2-add-release-date-to-builds-rh-only.patch [bz#2168046]
edk2-openssl-update.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]
edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583]
Resolves: bz#2168046
([SVVP] job ‘Check SMBIOS Table Specific Requirements’ failed on win2022)
Resolves: bz#2164534
(CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-9])
Resolves: bz#2164550
(CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-9])
Resolves: bz#2164565
(CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-9])
Resolves: bz#2164583
(CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-9])
[20221207gitfff6d81270b5-5]
edk2-Revert-ArmVirtPkg-ArmVirtQemu-enable-initial-ID-map-.patch [bz#2157656]
Resolves: bz#2157656
([edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares)
[20221207gitfff6d81270b5-4]
edk2-ArmVirt-don-t-use-unaligned-CopyMem-on-NOR-flash.patch [bz#2158173]
Resolves: bz#2158173
([aarch64][numa] Failed to create 2 numa nodes in some hardwares)
[20221207gitfff6d81270b5-3]
edk2-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch [bz#2158173]
edk2-MdePkg-Remove-Itanium-leftover-data-structure-RH-onl.patch [bz#1983086]
Resolves: bz#2158173
([aarch64][numa] Failed to create 2 numa nodes in some hardwares)
Resolves: bz#1983086
(Assertion failure when creating 1024 VCPU VM: […]UefiCpuPkg/CpuMpPei/CpuBist.c(186): !EFI_ERROR (Status))
[20221207gitfff6d81270b5-2]
edk2-use-rpm-build-flags-rh-only.patch [RHEL-177]
Resolves: RHEL-177
(Enable GNU_RELRO security protection)
[20221207gitfff6d81270b5-1]
Rebase to edk2-stable202211 tag
Resolves: RHEL-119
(rebase edk2 to edk2-stable202211)
Resolves: RHEL-75
(edk2 builds should show the build version)
Resolves: bz#2132951
(edk2: Sort traditional virtualization builds before Confidential Computing builds)
[20220826gitba0e0e4c6a-2]
edk2-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch [bz#1989857]
Resolves: bz#1989857
(CVE-2021-38578 edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation [rhel-9.0])
[ 0220826gitba0e0e4c6a-1]
Rebase to edk2-stable202208 tag [RHELX-59]
Resolves: RHELX-59
(rebase edk2 to 2022-08 stable tag)
[20220526git16779ede2d36-4]
edk2-OvmfPkg-QemuVideoDxe-fix-bochs-mode-init.patch [RHELX-58]
Resolves: RHELX-58
(Guest console turns black with uefi rhel guests and stdvga)

OSVersionArchitecturePackageVersionFilename
oracle linux9srcedk2< 20221207gitfff6d81270b5-9.el9_2edk2-20221207gitfff6d81270b5-9.el9_2.src.rpm
oracle linux9noarchedk2-aarch64< 20221207gitfff6d81270b5-9.el9_2edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
oracle linux9aarch64edk2-tools< 20221207gitfff6d81270b5-9.el9_2edk2-tools-20221207gitfff6d81270b5-9.el9_2.aarch64.rpm
oracle linux9noarchedk2-tools-doc< 20221207gitfff6d81270b5-9.el9_2edk2-tools-doc-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
oracle linux9srcedk2< 20221207gitfff6d81270b5-9.el9_2edk2-20221207gitfff6d81270b5-9.el9_2.src.rpm
oracle linux9noarchedk2-aarch64< 20221207gitfff6d81270b5-9.el9_2edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
oracle linux9noarchedk2-ovmf< 20221207gitfff6d81270b5-9.el9_2edk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
oracle linux9x86_64edk2-tools< 20221207gitfff6d81270b5-9.el9_2edk2-tools-20221207gitfff6d81270b5-9.el9_2.x86_64.rpm
oracle linux9noarchedk2-tools-doc< 20221207gitfff6d81270b5-9.el9_2edk2-tools-doc-20221207gitfff6d81270b5-9.el9_2.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	9	src	edk2	< 20221207gitfff6d81270b5-9.el9_2	edk2-20221207gitfff6d81270b5-9.el9_2.src.rpm
oracle linux	9	noarch	edk2-aarch64	< 20221207gitfff6d81270b5-9.el9_2	edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
oracle linux	9	aarch64	edk2-tools	< 20221207gitfff6d81270b5-9.el9_2	edk2-tools-20221207gitfff6d81270b5-9.el9_2.aarch64.rpm
oracle linux	9	noarch	edk2-tools-doc	< 20221207gitfff6d81270b5-9.el9_2	edk2-tools-doc-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
oracle linux	9	src	edk2	< 20221207gitfff6d81270b5-9.el9_2	edk2-20221207gitfff6d81270b5-9.el9_2.src.rpm
oracle linux	9	noarch	edk2-aarch64	< 20221207gitfff6d81270b5-9.el9_2	edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
oracle linux	9	noarch	edk2-ovmf	< 20221207gitfff6d81270b5-9.el9_2	edk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm
oracle linux	9	x86_64	edk2-tools	< 20221207gitfff6d81270b5-9.el9_2	edk2-tools-20221207gitfff6d81270b5-9.el9_2.x86_64.rpm
oracle linux	9	noarch	edk2-tools-doc	< 20221207gitfff6d81270b5-9.el9_2	edk2-tools-doc-20221207gitfff6d81270b5-9.el9_2.noarch.rpm