#1110533 edk2: CVE-2025-3770

Package:
src:edk2
Source:
src:edk2
Submitter:
Salvatore Bonaccorso
Date:
2025-09-01 22:39:03 UTC
Severity:
normal
#1110533#5
Date:
2025-08-07 20:06:07 UTC
Hi,

The following vulnerability was published for edk2.

CVE-2025-3770[0]:
| EDK2 contains a vulnerability in BIOS where an attacker may cause
| “Protection Mechanism Failure” by local access. Successful
| exploitation of this vulnerability will lead to arbitrary code
| execution and impact Confidentiality, Integrity, and Availability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-3770
https://www.cve.org/CVERecord?id=CVE-2025-3770
[1] https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1110533#10
Date:
2025-09-01 22:36:17 UTC
We believe that the bug you reported is fixed in the latest version of
edk2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1110533@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
dann frazier <dannf@debian.org> (supplier of updated edk2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Mon, 01 Sep 2025 14:16:19 -0600
Source: edk2
Architecture: source
Version: 2025.02-9
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Closes: 1103961 1110533 1111100
Changes:
 edk2 (2025.02-9) unstable; urgency=medium
 .
   * Cherry-pick openssl fix for timing side-channel in ECDSA signature
     computation, CVE-2024-13176.
     - d/p/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
   * Fix out-of-bounds memory access in NetworkPkg/IScsiDxe, CVE-2024-38805.
     (Closes: #1111100).
     - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch
   * Use virt-firmware to enroll default keys.
   * Initialize the Secure Boot dbx in *.ms.fd with the latest revocations.
     The dbx previously only contained the hash of an empty file.
   * Safe handling of IDT register on SMM entry, CVE-2025-3770.
     (Closes: #1110533).
     - d/p/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch
   * Add amdsev image. Thanks to Lukas Märdian. (Closes: #1103961).
Checksums-Sha1:
 2800233feb28f1679d90af98afe2632d017b81ef 2630 edk2_2025.02-9.dsc
 fb4095b28dafda9d8e2de90b3ffe5a392aec1267 71572 edk2_2025.02-9.debian.tar.xz
 2df4bd0e01c29eea75277dc3f6ff2537ef43b4b5 10716 edk2_2025.02-9_source.buildinfo
Checksums-Sha256:
 a7eac1ef65f2e44610a8c20e2d65f6593b8a82d8d5ca79eb5e188b2203032424 2630 edk2_2025.02-9.dsc
 37bbe74f35dc030f5cbc3250f6ba9a781dd5231a1372a459db848a24dee93471 71572 edk2_2025.02-9.debian.tar.xz
 eef43421807ca7b4aa5d887ca769f64ed6b13497eab106d2a1fca8ffe056de48 10716 edk2_2025.02-9_source.buildinfo
Files:
 7b0afdc61838cce49cd33bb7b081a330 2630 misc optional edk2_2025.02-9.dsc
 8babbbfe95e1048cc2548e908a242061 71572 misc optional edk2_2025.02-9.debian.tar.xz
 4e32a25c70e0bbe0cd25ae123d754343 10716 misc optional edk2_2025.02-9_source.buildinfo
-----BEGIN PGP SIGNATURE-----

wr0EARYKAG8Fgmi1/zQJEFRbhkD0YjpYRxQAAAAAAB4AIHNhbHRAbm90YXRpb25z
LnNlcXVvaWEtcGdwLm9yZ0RRZLwMT3IldpUz/NOzLXU/QqPziC14OSY4+xMeetEO
FiEEKBpcS4ojw8R0IfYuVFuGQPRiOlgAAIylAP96TduryBJX6Y0E9ZGmPioNVscF
2FjeiL4O2SGFxn6aowEA/PVju+kTEj2uNsGKMn40QDmExVdyt6/Ji9II1G/hawM=
=KF5I
-----END PGP SIGNATURE-----
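The Checksums-Sha256 and Files stanzas of the .changes file above are what a downstream consumer checks before trusting the upload: each source artifact is listed with its size and digest, and the whole message is covered by the PGP signature. The script below is an added example, not part of the bug report and not Debian's own tooling (dscverify and dpkg-source do this for real): it parses the Checksums-Sha256 stanza of a .changes file and verifies the listed files on disk by size and SHA-256. It assumes a Linux userland with sha256sum and awk, and it deliberately covers only the hash step; the signature must be checked first (for instance with gpg --verify on the signed message), since an attacker who can alter the files can just as easily alter an unsigned checksum list.

```shell
#!/bin/sh
# Added example, not from the bug report or from Debian's packaging tools.
# Verifies the Checksums-Sha256 stanza of a .changes file against a directory.
# Only the hash/size step is done here; verify the PGP signature before this.
set -eu

# Print "sha256 size filename" rows from the Checksums-Sha256 stanza.
# In the .changes format a stanza is the field line followed by
# space-indented rows; the next unindented line (e.g. "Files:") ends it.
changes_sha256_rows() {
    awk '
        /^Checksums-Sha256:/ { inside = 1; next }
        inside && /^[^ ]/    { inside = 0 }
        inside && NF == 3    { print $1, $2, $3 }
    ' "$1"
}

# verify_changes_sha256 CHANGES DIR
# Returns 0 when every file listed in CHANGES exists in DIR with the listed
# size and SHA-256 digest; returns 1 on the first missing or mismatching file.
verify_changes_sha256() {
    changes=$1
    dir=$2
    rows=$(changes_sha256_rows "$changes")
    if [ -z "$rows" ]; then
        echo "no Checksums-Sha256 stanza in $changes" >&2
        return 1
    fi
    # Here-doc (not a pipe) keeps the loop in the current shell so that
    # "return" leaves the function instead of a subshell.
    while read -r hash size name; do
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING $name" >&2
            return 1
        fi
        actual_size=$(wc -c < "$path" | tr -d ' ')
        if [ "$actual_size" != "$size" ]; then
            echo "SIZE MISMATCH $name: listed $size, on disk $actual_size" >&2
            return 1
        fi
        actual_hash=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$actual_hash" != "$hash" ]; then
            echo "SHA256 MISMATCH $name" >&2
            return 1
        fi
        echo "OK $name"
    done <<EOF
$rows
EOF
}

# Stand-alone usage: sh verify-changes.sh edk2_2025.02-9_source.changes .
if [ "$#" -eq 2 ]; then
    verify_changes_sha256 "$1" "$2"
fi
```

Size is compared before the digest so that a truncated download is reported as such rather than as a bare hash mismatch; the size check is cheap but is not a substitute for the digest, because the .changes file lists sizes only to catch accidental corruption.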