61 matches found
Astra Linux - vulnerability in edk2
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privileges, denial of service, and/or information disclosure through physical access...
Astra Linux - vulnerability in edk2
Improper configuration in the system firmware for EDK II may allow unauthenticated users to potentially enable privilege escalation, information disclosure, and/or denial of service through local access...
Astra Linux - vulnerability in edk2
EDK2 contains a vulnerability in the Tcg2MeasureGptTable function, which allows a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...
Astra Linux - vulnerability in edk2
The example of an encrypted private key in EDK2, present in the IpSecDxe.efi, may pose potential security risks...
Astra Linux - vulnerability in edk2
Existing checks in SmmEntryPoint will not catch underflow when calculating BufferSize...
Astra Linux - vulnerability in edk2
Null pointer dereferencing in Tianocore EDK2 may allow an authenticated user to potentially enable privilege escalation through local access...
Astra Linux - vulnerability in edk2
A BIOS bug in the firmware of a specific PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently cause damage to the system’s performance...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: edk2 (UTSA-2026-017475)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017475 advisory. BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. Tenable has extracted the...
Astra Linux - vulnerability in edk2
EDK2’s Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 clients. This vulnerability can be exploited by an attacker to gain unauthorized access and may result in a loss of confidentiality, integrity, and/or availability...
SUSE-RU-2026:20683-1 Recommended update for shim
This update for shim fixes the following issues: shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory -...
RHSA-2026:2776 Red Hat Security Advisory: edk2 security update
Bulletin has no description...
MiracleLinux 9 : edk2-20231122-6.el9 (AXSA:2024-8102:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8102:05 advisory. edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message CVE-2023-45235 EDK2: heap buffer overflow in...
MiracleLinux 9 : edk2-20231122-6.el9_4.2 (AXSA:2024-8600:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8600:07 advisory. EDK2: integer overflow in CreateHob could lead to HOB OOB R/W CVE-2022-36765 edk2: Predictable TCP Initial Sequence Numbers CVE-2023-45236 edk2: Use...
EulerOS Virtualization 2.13.1 : EDK2 (EulerOS-SA-2025-2536)
According to the versions of the EDK2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access. Successful...
Oracle Linux 9 : edk2 (ELSA-2025-28047)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28047 advisory. - EDK2: EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access Orabug: 38381983 CVE-2025-377...
Oracle Linux 8 : edk2 (ELSA-2025-20669)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20669 advisory. - EDK2: EDK2 contains a vulnerability in BIOS where an attacker may cause Protection Mechanism Failure by local access Orabug: 38381983 CVE-2025-3770 ...
USN-7894-2 edk2 regression
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a regression in the UEFI network boot. This update reverts the corresponding fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovere...
OESA-2025-2506 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary:...
OESA-2025-2388 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability ma...
CVE-2024-38805 iSCSI Remote Memory Corruption and Denial of Service
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...