SB2025112721 - Multiple vulnerabilities in edk2

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2024-38797)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the HashPeImageByType() function when reading PE files. A remote attacker can create a specially crafted PE file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

2) Protection mechanism failure (CVE-ID: CVE-2025-2296)

The vulnerability allows an attacker to bypass Secure Boot protections.

The vulnerability exists due to insufficient implementation of security measures in direct boot mode. If signature of Linux kernel is not in the DB, DxeImageVerification returns EFI_ACCESS_DENIED, however it falls back to the legacy loader allowing to bypass the secure boot mechanism. An attacker with physical access to the system can bypass secure boot feature and load an untrusted image. 

Remediation

Install update from vendor's website.

References

• https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
• https://github.com/tianocore/edk2/pull/10928
• https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5