-
Fri Sep 05 2025 Aaron Young <aaron.young@oracle.com>
- Create new 20250905 release for OL9 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access [Orabug: 38381983] {CVE-2025-3770}
- EDK2: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means [Orabug: 38382190] {CVE-2024-38805}
- EDK2: EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent network [Orabug: 38382286] {CVE-2024-38797}
- EDK2: Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. [Orabug: 38413860] {CVE-2024-36331}
- Update to OpenSSL 3.5.1 which includes the following fixed CVEs:
{CVE-2025-4575} {CVE-2024-12797} {CVE-2024-13176} {CVE-2024-9143}
-
Thu Jan 02 2025 Aaron Young <aaron.young@oracle.com>
- Create new 20250102 release for OL9 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An attacker may cause memory corruption due to an overflow via an adjacent network [Orabug: 37414309] {CVE-2024-38796}
- Update to OpenSSL 3.0.15 which includes the following fixed CVEs:
{CVE-2023-4807} {CVE-2023-5363} {CVE-2023-5678} {CVE-2023-6129} {CVE-2023-6237} {CVE-2024-0727} {CVE-2024-2511} {CVE-2024-4603} {CVE-2024-4741} {CVE-2024-5535} {CVE-2024-6119}
-
Mon Sep 09 2024 Aaron Young <aaron.young@oracle.com>
- Create new 20240909 release for OL9 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an attacker may cause a Division-By-Zero due to a UINT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}
-
Tue Feb 27 2024 Aaron Young <aaron.young@oracle.com>
- Create new 20240227 release for OL9 which includes the following fixed CVEs:
{CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765}
- Update to OpenSSL 3.0.10 which includes the following fixed CVEs:
{CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839}