ELSA-2026-36721 - edk2 security, bug fix, and enhancement update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2026-07-08 |
Description
[20220126gitbb1bba3d77-13.el8.10]
- edk2-OvmfPkg-Expand-EnrollDefaultKeys-with-Microsoft-2023.patch [RHEL-151949]
- Resolves: RHEL-151949
([FJ8.10 Bug] How to Update Secure Boot Certificates with Microsoft 2023 in KVM Guests)
[20220126gitbb1bba3d77-13.el8.9]
- edk2-openssl-flatten-contents-of-openssl-tarball.patch [RHEL-115901]
- edk2-Bumped-openssl-submodule-to-rhel-8-main.patch [RHEL-115901]
- Resolves: RHEL-115901
(CVE-2025-9230 edk2: Out-of-bounds read & write in RFC 3211 KEK Unwrap [rhel-8.10.z])
[20220126gitbb1bba3d77-13.el8.8]
- edk2-ArmVirtPkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch [RHEL-71687]
- Resolves: RHEL-71687
([Regression] HTTP boot not available [aarch64] [rhel-8.10.z])
[20220126gitbb1bba3d77-13.el8.7]
- edk2-redhat-Fix-ovmf-vars-generator-RH-only.patch [RHEL-66236]
- Resolves: RHEL-66236
([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10])
[20220126gitbb1bba3d77-13.el8.6]
- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-66188]
- Resolves: RHEL-66188
([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10])
[20220126gitbb1bba3d77-13.el8.5]
- edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66236]
- edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66236]
- Resolves: RHEL-66236
([Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-8.10])
[20220126gitbb1bba3d77-13.el8.4]
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60830]
- Resolves: RHEL-60830
(CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z])
[20220126gitbb1bba3d77-13.el8.3]
- edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-53009]
- Resolves: RHEL-53009
(No http boot support on edk2-ovmf-20231122-6.el9_4.2 [rhel-8.10.z])
[20220126gitbb1bba3d77-13.el8_10.2]
[20220126gitbb1bba3d77-13.el8_10.1]
- edk2-MdeModulePkg-Change-use-of-EFI_D_-to-DEBUG_.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Apply-uncrustify-changes.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-Apply-uncrustify-changes.p2.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Rename-RdRandGenerateEntropy-to-g.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Remove-ArchGetSupportedRngAlgorit.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Documentation-include-parameter-c.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Check-before-advertising-Cpu-Rng-.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Add-AArch64-RawAlgorithm-support-.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Add-debug-warning-for-NULL-PcdCpu.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Rename-AArch64-RngDxe.c.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Add-Arm-support-of-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Correctly-update-mAvailableAlgoAr.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Conditionally-install-EFI_RNG_PRO.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-21854 RHEL-21856 RHEL-40099]
- Resolves: RHEL-21854
(CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-8])
- Resolves: RHEL-21856
(CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-8])
- Resolves: RHEL-40099
(CVE-2024-1298 edk2: Temporary DoS vulnerability [rhel-8.10.z])
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle Linux 8 (aarch64) | edk2-20220126gitbb1bba3d77-13.el8_10.10.src.rpm | 55cbdbe157efb4b468c848e3523ebb08e7896e666aa8235917b76f91ae8bfa3b | - | ol8_aarch64_appstream |
| edk2-aarch64-20220126gitbb1bba3d77-13.el8_10.10.noarch.rpm | 148ab4683ef9069d8a15c961a6dc866eab19b437c0d81f70b5e632ced84fde9e | - | ol8_aarch64_appstream |
|
| Oracle Linux 8 (x86_64) | edk2-20220126gitbb1bba3d77-13.el8_10.10.src.rpm | 55cbdbe157efb4b468c848e3523ebb08e7896e666aa8235917b76f91ae8bfa3b | - | ol8_x86_64_appstream |
| edk2-ovmf-20220126gitbb1bba3d77-13.el8_10.10.noarch.rpm | 38d01c64bfe6b2297b688cf2a8cb198bd7d599198b7c7abfd8fe72ac35ff1084 | - | ol8_x86_64_appstream |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team