OESA-2025-2298
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2298
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2298.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2025-2298
- Upstream
- Published
- 2025-09-19T13:12:58Z
- Modified
- 2025-09-19T14:02:43.701217Z
- Summary
- edk2 security update
- Details
-
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.
Security Fix(es):
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.(CVE-2024-38805)
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.(CVE-2025-3770)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:24.03-LTS / edk2
Package
- Name
- edk2
- Purl
- pkg:rpm/openEuler/edk2&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed202308-28.oe2403
Ecosystem specific
{
"x86_64": [
"edk2-debuginfo-202308-28.oe2403.x86_64.rpm",
"edk2-debugsource-202308-28.oe2403.x86_64.rpm",
"edk2-devel-202308-28.oe2403.x86_64.rpm"
],
"src": [
"edk2-202308-28.oe2403.src.rpm"
],
"aarch64": [
"edk2-debuginfo-202308-28.oe2403.aarch64.rpm",
"edk2-debugsource-202308-28.oe2403.aarch64.rpm",
"edk2-devel-202308-28.oe2403.aarch64.rpm"
],
"noarch": [
"edk2-aarch64-202308-28.oe2403.noarch.rpm",
"edk2-help-202308-28.oe2403.noarch.rpm",
"edk2-ovmf-202308-28.oe2403.noarch.rpm",
"python3-edk2-devel-202308-28.oe2403.noarch.rpm"
]
}