[Git][security-tracker-team/security-tracker][master] Add CVE-2025-2296/edk2

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24d4a9e3 by Salvatore Bonaccorso at 2025-12-09T22:11:31+01:00
Add CVE-2025-2296/edk2

The upstream information is not very clear. It claims 2025.05 contains
the fixes which is true, but the mentioned changes seem to be present up
to the 2025.02 released version and confirmed/double checked by fetching
2025.02-1.

This might still need a second pair of eyes to double-check.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -721,7 +721,9 @@ CVE-2025-33214 (NVIDIA NVTabular for Linux contains a vulnerability in the Workf
 CVE-2025-33213 (NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in t ...)
 	TODO: check
 CVE-2025-2296 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
-	TODO: check
+	- edk2 2025.02-1
+	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5
+	NOTE: https://github.com/tianocore/edk2/pull/10628
 CVE-2025-14345 (A post-authenticationflaw in the network two-phase commit protocol use ...)
 	TODO: check
 CVE-2025-14337 (A vulnerability was determined in itsourcecode Student Management Syst ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24d4a9e3bdc40677fbb216adde37fd1d2c50a312

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24d4a9e3bdc40677fbb216adde37fd1d2c50a312
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251209/6ca2d6ff/attachment.htm>