SB20260626137 - Anolis OS update for edk2
Published: June 26, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Protection mechanism failure (CVE-ID: CVE-2025-2296)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker to bypass Secure Boot protections.
The vulnerability exists due to insufficient implementation of security measures in direct boot mode. If signature of Linux kernel is not in the DB, DxeImageVerification returns EFI_ACCESS_DENIED, however it falls back to the legacy loader allowing to bypass the secure boot mechanism. An attacker with physical access to the system can bypass secure boot feature and load an untrusted image.
Remediation
Install update from vendor's website.