[Git][security-tracker-team/security-tracker][master] CVE-2025-3770/edk2 [bullseye]

Bastien Roucariès (@rouca) rouca at debian.org
Fri Aug 8 00:16:58 BST 2025



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e4925f2 by Bastien Roucariès at 2025-08-08T01:15:15+02:00
CVE-2025-3770/edk2 [bullseye]

This is likely a race condition on real hardware.

On emulated hardware, MCEs are not easily triggerable and must be enabled for fault injection.

Moreover, SMM does not occur on virtual machines except for S3 handling.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -191,7 +191,9 @@ CVE-2025-46659 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut 2
 	NOT-FOR-US: 4C Strategies
 CVE-2025-3770 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
 	- edk2 <unfixed> (bug #1110533)
+	[bullseye] - edk2 <postponed> (minor; likely a concern only on real hardware; used on S3 handling on qemu)
 	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr
+	NOTE: only arch: amd64, other arch (particularly i386) are not affected
 CVE-2025-35970 (On multiple products of SEIKO EPSON and FUJIFILM Corporation, the init ...)
 	NOT-FOR-US: SEIKO EPSON and FUJIFILM Corporation products
 CVE-2025-32094 (An issue was discovered in Akamai Ghost, as used for the Akamai CDN pl ...)
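Review bot: The parenthetical on the added [bullseye] line, "used on S3 handling on qemu", does not say what is used. The commit message indicates it is SMM, so wording such as "SMM only entered for S3 handling on qemu" would be unambiguous to a later triager. The added NOTE stating that only amd64 is affected carries no reference; pointing it at the part of the upstream advisory or the code path it was derived from would make it re-checkable. The race-condition and MCE fault-injection reasoning appears only in the commit message, and since it is the justification for <postponed> it would be worth recording as a NOTE in data/CVE/list as well.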



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e4925f2be03877803e402d8bdf8e2e4c22386ce
