Not a user yet?
Log in Register for free Suggest a product
Update

USN-7894-2: EDK II regression

Ubuntu DesktopUbuntu Desktop
Canonical

USN-7894-2: EDK II regression

Publication date: 28 November 2025
Overview: USN-7894-1 introduced a regression in EDK II

Packages

  • edk2 - UEFI firmware for virtual machines

Details
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)

It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)

It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2024-38796)

It was discovered that the EDK II PE image hashing function incorrectly
handled certain memory operations. An attacker could possibly use this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-38797)

It was discovered that the EDK II BIOS incorrectly handled certain memory
operations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2024-38805, CVE-2025-2295)

It was discovered that EDK II incorrectly handled the enabling of MCE. An
attacker could possibly use this issue to cause a denial of service, or
execute arbitrary code. (CVE-2025-3770)

It was discovered that the OpenSSL library embedded in EDK II contained
multiple vulnerabilties. An attacker could possibly use these issues to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. (CVE-2021-3712, CVE-2022-0778, CVE-2022-4304,

  • CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
  • CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678,
  • CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511,
  • CVE-2024-41996, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143,
  • CVE-2025-9232)

Update instructions

After a standard system update you need to restart the virtual machines that use the affected firmware to make all the necessary changes.
The problem can be corrected by updating your system to the following package versions:

24.04 LTS noble

  • efi-shell-aa64 – 2024.02-2ubuntu0.7
  • efi-shell-arm – 2024.02-2ubuntu0.7
  • efi-shell-ia32 – 2024.02-2ubuntu0.7
  • efi-shell-riscv64 – 2024.02-2ubuntu0.7
  • efi-shell-x64 – 2024.02-2ubuntu0.7
  • ovmf – 2024.02-2ubuntu0.7
  • ovmf-ia32 – 2024.02-2ubuntu0.7
  • qemu-efi-aarch64 – 2024.02-2ubuntu0.7
  • qemu-efi-arm – 2024.02-2ubuntu0.7
  • qemu-efi-riscv64 – 2024.02-2ubuntu0.7

22.04 LTS jammy

  • ovmf – 2022.02-3ubuntu0.22.04.5
  • ovmf-ia32 – 2022.02-3ubuntu0.22.04.5
  • qemu-efi – 2022.02-3ubuntu0.22.04.5
  • qemu-efi-aarch64 – 2022.02-3ubuntu0.22.04.5
  • qemu-efi-arm – 2022.02-3ubuntu0.22.04.5
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad