[ol10_kvm_utils] edk2-aarch64-30:20250905-4.el10.noarch

UEFI Firmware for aarch64 virtual machines

Changelog (Show File list) (Show related packages)

• Fri Sep 05 2025 Aaron Young <aaron.young@oracle.com>

  - Create new 20250905 release for OL10 which includes the following fixed CVEs:
  - EDK2: EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access [Orabug: 38381983] {CVE-2025-3770}
  - EDK2: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means [Orabug: 38382190] {CVE-2024-38805}
  - EDK2: EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network [Orabug: 38382286] {CVE-2024-38797}
  - EDK2:  Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. [Orabug: 38413860] {CVE-2024-36331}
  - Update to OpenSSL 3.5.1 which includes the following fixed CVEs:
    {CVE-2025-4575} {CVE-2024-12797} {CVE-2024-13176} {CVE-2024-12797} {CVE-2024-13176} {CVE-2024-9143}

• Thu Jan 02 2025 Aaron Young <aaron.young@oracle.com>

  - Create new 20250102 release for OL10 which includes the following fixed CVEs:
  - EDK2: EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network [Orabug: 37414309] {CVE-2024-38796}
  - Update to OpenSSL 3.0.15 which includes the following fixed CVEs:
    {CVE-2023-4807} {CVE-2023-5363} {CVE-2023-5678} {CVE-2023-6129} {CVE-2023-6237} {CVE-2024-0727} {CVE-2024-2511} {CVE-2024-4603} {CVE-2024-4741} {CVE-2024-5535} {CVE-2024-6119}