[Git][security-tracker-team/security-tracker][master] Update status of CVE-2025-2486/edk2

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af72c518 by Salvatore Bonaccorso at 2025-12-03T16:59:34+01:00
Update status of CVE-2025-2486/edk2

After short informal discussion with Dann Frazier we decided to mark the
issue fixed with the patch disabling the built-in shell when SecureBoot
is enabled.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1240,9 +1240,11 @@ CVE-2025-45311 (Insecure permissions in fail2ban-client v0.11.2 allows attackers
 CVE-2025-3747
 	REJECTED
 CVE-2025-2486 (The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI S ...)
-	- edk2 <undetermined>
+	- edk2 2023.11-7
+	[bookworm] - edk2 2022.11-6+deb12u1
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2101797
-	TODO: check details
+	NOTE: To address CVE-2023-48733 in Debian a local patch disabled the built-in Shell
+	NOTE: when SecureBoot is enabled fixing CVE-2025-2486.
 CVE-2025-26155 (NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client ...)
 	NOT-FOR-US: NCP
 CVE-2025-20373 (In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add- ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af72c518b99c6e7a116b34e1b0a170f934c029e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af72c518b99c6e7a116b34e1b0a170f934c029e6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251203/726ad006/attachment-0001.htm>