edk2 security update

An update is available for edk2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK Embedded Development Kit is a project to enable UEFI support for Virtual...

Astra Linux - уязвимость в edk2

EDK2 is vulnerable to a vulnerability in the CreateHob function, which allows a user to trigger an integer overflow that leads to a buffer overflow through a local network. Successful exploitation of this vulnerability may result in compromises of confidentiality, integrity, and/or availability...

[SECURITY] Fedora 43 Update: edk2-20260213-4.fc43

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM...

EDK2 安全漏洞

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from a memory corruption when loading invalid firmware in the bootloader...

EDK2 安全漏洞

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from improper input validation and could lead to arbitrary command execution...

Ubuntu EDK2 安全漏洞

Ubuntu EDK2 is an open source firmware development kit for Ubuntu. A security vulnerability exists in Ubuntu edk2 that stems from the Secure Boot environment that allows access to the UEFI Shell, which could lead to Secure Boot constraints being bypassed...

EUVD-2025-10333

Malicious code in bioql PyPI...

CVE-2025-22012

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on appssmmu" There are reports that the pagetable walker cache coherency is not a given across the spectrum of SDM845/850 devices, leading to lock-ups and resets. It works fine o...

CVE-2025-22012

CVE-2025-22012 concerns a Linux kernel issue where a change in arm64 dts for qcom SDM845/850 could affect pagetable walker cache coherency. The vulnerability description states that this led to lock-ups and resets on some devices (e.g., Yoga C630) while others (Dragonboard 845c) were unaffected. ...

CVE-2025-22012 Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu"

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on appssmmu" There are reports that the pagetable walker cache coherency is not a given across the spectrum of SDM845/850 devices, leading to lock-ups and resets. It works fine o...

EDK2 输入验证错误漏洞

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from an integer overflow or wrap-around error that could result in a denial of service...

[SECURITY] Fedora 40 Update: edk2-20240813-2.fc40

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM...

Use of a Weak PseudoRandom Number Generator in EDK II Network Package

...

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. EDK2 suffers from a security vulnerability that stems from allowing insecure default settings that allow an attacker to bypass secure boot...

EDK2 Security Vulnerability

EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 due to an infinite loop vulnerability in the Network Package when parsing unknown options in the IPv6 target option header...

EDK2 Buffer Error Vulnerability

EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from Network Package being susceptible to a buffer overflow vulnerability due to the long server ID option in the DHCP...

EDK2 Buffer Error Vulnerability

EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from the Network Package's susceptibility to a buffer overflow vulnerability when handling the DNS server option in...

AZL-39559 CVE-2022-36763 affecting package hvloader for versions less than 1.0.1-3

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments based on UEFI and PI specifications from the Tianocore community. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the CreateHob function...

EDK II Integer Truncation Vulnerability

EDK II is a modern, feature-rich cross-platform firmware development environment for UEFI and the UEFI Platform Initialization PI specification. EDK II suffers from an integer truncation vulnerability that can be exploited by authenticated users to elevate privileges...