Debian Edk2 vulnerabilities

CVE-2025-2296 [HIGH] CVE-2025-2296: edk2 - EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Inp... EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability. Scope: local bookworm: open bullseye: open forky: resolved (f

CVE-2025-3770 [HIGH] CVE-2025-3770: edk2 - EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Me... EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2025.02-9) sid: resolved (fixed in 2025.02-9) tri

CVE-2025-2486 [MEDIUM] CVE-2025-2486: edk2 - The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be... The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be

CVE-2025-2295 [LOW] CVE-2025-2295: edk2 - EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow... EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2025.02-4) sid: resolved (fixed in 2025.02-4) trixie: resolved (fixed in 2025.02-4)

CVE-2024-38797 [MEDIUM] CVE-2024-38797: edk2 - EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a rea... EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2025.02-8) sid: resolved (fixed i

CVE-2024-13176 [MEDIUM] CVE-2024-13176: edk2 - Issue summary: A timing side-channel which could potentially allow recovering th... Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast n

CVE-2024-38796 [MEDIUM] CVE-2024-38796: edk2 - EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker ma... EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u2) bullseye: resolved (fixed in 2020.11-2+deb11

CVE-2024-1298 [MEDIUM] CVE-2024-1298: edk2 - EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may c... EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u2) bullseye: resolved (fixed in 2020.11-2+deb11u3) forky: resolved (fixed in 2024.05-1)

CVE-2024-38798 [MEDIUM] CVE-2024-38798: edk2 - EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of S... EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality. Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in

CVE-2024-38805 [MEDIUM] CVE-2024-38805: edk2 - EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow... EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2025.02-9) sid: resolved (fixed in 2025.02-9) trixie: resolved (fixed in 2025.02-8+deb13u1)

CVE-2023-45232 [HIGH] CVE-2023-45232: edk2 - EDK2's Network Package is susceptible to an infinite loop vulnerability when par... EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye: resolved (fixed in 2020.11-2+

CVE-2023-45235 [HIGH] CVE-2023-45235: edk2 - EDK2's Network Package is susceptible to a buffer overflow vulnerability when ... EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullse

CVE-2023-45233 [HIGH] CVE-2023-45233: edk2 - EDK2's Network Package is susceptible to an infinite lop vulnerability when pars... EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye: resolved (fixed in 2020.11-2+deb

CVE-2023-45234 [HIGH] CVE-2023-45234: edk2 - EDK2's Network Package is susceptible to a buffer overflow vulnerability when pr... EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye

CVE-2023-45230 [HIGH] CVE-2023-45230: edk2 - EDK2's Network Package is susceptible to a buffer overflow vulnerability via a l... EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye: resolved (fixed in 2

CVE-2023-45231 [MEDIUM] CVE-2023-45231: edk2 - EDK2's Network Package is susceptible to an out-of-bounds read vulnerability wh... EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye: resolved (fixed in 2020.11-2+deb11u3)

CVE-2023-45237 [MEDIUM] CVE-2023-45237: edk2 - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Numb... EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2024.05-1) sid: resolved (fixed in 2024.05-1) trixie: resolved (fixed in 2024.05-1)

CVE-2023-45236 [MEDIUM] CVE-2023-45236: edk2 - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Numb... EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2024.05-1) sid: resolved (fixed in 2024.05-1) trixie: resolved (fixed in 2024.05-1)

CVE-2023-48733 [MEDIUM] CVE-2023-48733: edk2 - An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK... An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye: resolved (fixed in 2020.11-2+deb11u2) forky: resolved (fixed in 2023.11-7) sid: resolved (fixed in 2023.11-7) trixie: resolved (fixed in 2023.11-7)

CVE-2023-45229 [MEDIUM] CVE-2023-45229: edk2 - EDK2's Network Package is susceptible to an out-of-bounds read vulnerability wh... EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. Scope: local bookworm: resolved (fixed in 2022.11-6+deb12u1) bullseye: resolved (fixed in