Packages
- edk2 - UEFI firmware for virtual machines
Details
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2024-38796)
It was discovered that the EDK II PE image hashing function incorrectly
handled certain memory operations. An attacker could possibly use this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-38797)
It was discovered that the EDK II BIOS incorrectly handled certain memory
operations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2024-38805, CVE-2025-2295)
It was discovered that EDK II incorrectly handled the enabling of MCE. An
attacker could possibly use this issue to cause a denial of service, or
execute arbitrary code. (CVE-2025-3770)
It was discovered that the OpenSSL library embedded in EDK II contained
multiple vulnerabilties. An attacker could possibly use these issues to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. (CVE-2021-3712, CVE-2022-0778, CVE-2022-4304,
CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678,
CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511,
CVE-2024-41996, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143,
CVE-2025-9232)
Update instructions
After a standard system update you need to restart the virtual machines that use the affected firmware to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 24.04 LTS noble | efi-shell-aa64 – 2024.02-2ubuntu0.7 | ||
| efi-shell-arm – 2024.02-2ubuntu0.7 | |||
| efi-shell-ia32 – 2024.02-2ubuntu0.7 | |||
| efi-shell-riscv64 – 2024.02-2ubuntu0.7 | |||
| efi-shell-x64 – 2024.02-2ubuntu0.7 | |||
| ovmf – 2024.02-2ubuntu0.7 | |||
| ovmf-ia32 – 2024.02-2ubuntu0.7 | |||
| qemu-efi-aarch64 – 2024.02-2ubuntu0.7 | |||
| qemu-efi-arm – 2024.02-2ubuntu0.7 | |||
| qemu-efi-riscv64 – 2024.02-2ubuntu0.7 | |||
| 22.04 LTS jammy | ovmf – 2022.02-3ubuntu0.22.04.5 | ||
| ovmf-ia32 – 2022.02-3ubuntu0.22.04.5 | |||
| qemu-efi – 2022.02-3ubuntu0.22.04.5 | |||
| qemu-efi-aarch64 – 2022.02-3ubuntu0.22.04.5 | |||
| qemu-efi-arm – 2022.02-3ubuntu0.22.04.5 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.