SB20260626137 - Anolis OS update for edk2

Published: June 26, 2026

Security Bulletin ID: SB20260626137
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Physical access
Highest impact: Code execution

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Protection mechanism failure (CVE-ID: CVE-2025-2296)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an attacker to bypass Secure Boot protections.

The vulnerability exists due to an insufficient implementation of security measures in direct boot mode. If the signature of the Linux kernel is not in the DB, DxeImageVerification returns EFI_ACCESS_DENIED; however, the boot path then falls back to the legacy loader, which allows the Secure Boot mechanism to be bypassed. An attacker with physical access to the system can bypass the Secure Boot feature and load an untrusted image.
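The following C program is an added illustration of the failure mode described above; it is not edk2 code and not part of this bulletin. It models a boot dispatcher that asks a verification routine whether an image's hash is in the signature database (db) and then decides which loader to run. The vulnerable variant computes the denial but falls back to an unverified loader (fail-open); the hardened variant stops the boot attempt whenever Secure Boot is enabled and verification fails (fail-closed), and only permits the legacy path when Secure Boot is off. All status codes, hashes, and function names are constructed stand-ins, not the real UEFI definitions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed status codes named after the ones quoted in the advisory;
 * the numeric values are NOT the real UEFI values. */
typedef enum { EFI_SUCCESS = 0, EFI_ACCESS_DENIED = 1 } efi_status_t;

/* Which loader the dispatcher ends up handing control to. */
typedef enum { LOADER_NONE = 0, LOADER_VERIFIED = 1, LOADER_LEGACY = 2 } loader_t;

/* A boot image reduced to the hash that would be checked against db. */
typedef struct { uint8_t hash[4]; } image_t;

/* Constructed stand-in for the Secure Boot db: the only allow-listed hash. */
static const uint8_t kTrustedHash[4] = { 0xAA, 0xBB, 0xCC, 0xDD };

/* Stand-in for DxeImageVerification: success only when the hash is in db. */
efi_status_t verify_image(const image_t *img) {
    return memcmp(img->hash, kTrustedHash, sizeof kTrustedHash) == 0
               ? EFI_SUCCESS : EFI_ACCESS_DENIED;
}

/* Vulnerable pattern: the denial is computed, but the dispatcher treats it as
 * "try the other loader" instead of "stop". The untrusted image still runs. */
loader_t dispatch_fail_open(const image_t *img) {
    if (verify_image(img) == EFI_SUCCESS)
        return LOADER_VERIFIED;
    return LOADER_LEGACY;   /* fail-open: no verification on this path */
}

/* Hardened pattern: with Secure Boot enabled, EFI_ACCESS_DENIED ends the
 * boot attempt; the legacy path is reachable only when Secure Boot is off. */
loader_t dispatch_fail_closed(const image_t *img, bool secure_boot_enabled) {
    if (!secure_boot_enabled)
        return LOADER_LEGACY;   /* policy explicitly permits unverified boot */
    if (verify_image(img) == EFI_SUCCESS)
        return LOADER_VERIFIED;
    return LOADER_NONE;         /* fail-closed: refuse to load anything */
}

int main(void) {
    const image_t trusted   = { { 0xAA, 0xBB, 0xCC, 0xDD } };  /* in db */
    const image_t untrusted = { { 0x01, 0x02, 0x03, 0x04 } };  /* not in db */

    printf("fail-open,   untrusted: loader=%d\n", dispatch_fail_open(&untrusted));
    printf("fail-closed, untrusted: loader=%d\n", dispatch_fail_closed(&untrusted, true));
    printf("fail-closed, trusted:   loader=%d\n", dispatch_fail_closed(&trusted, true));
    return 0;
}
```

The check a reviewer would apply to any boot dispatcher is the one the hardened variant encodes: every branch reachable after a verification failure must end in refusal, and any unverified loader must be gated on the Secure Boot policy itself rather than on the outcome of a failed verification.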


Remediation

Install the update from the vendor's website.