An update for edk2 is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2386 Final 1.0 1.0 2025-10-11 Initial 2025-10-11 2025-10-11 openEuler SA Tool V1.0 2025-10-11 edk2 security update An update for edk2 is now available for openEuler-24.03-LTS-SP2 EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fix(es): EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.(CVE-2024-38805) EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.(CVE-2025-3770) An update for edk2 is now available for openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High edk2 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2386 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38805 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-3770 https://nvd.nist.gov/vuln/detail/CVE-2024-38805 https://nvd.nist.gov/vuln/detail/CVE-2025-3770 openEuler-24.03-LTS-SP2 edk2-202308-26.oe2403sp2.src.rpm edk2-aarch64-202308-26.oe2403sp2.noarch.rpm edk2-help-202308-26.oe2403sp2.noarch.rpm edk2-ovmf-202308-26.oe2403sp2.noarch.rpm python3-edk2-devel-202308-26.oe2403sp2.noarch.rpm edk2-debuginfo-202308-26.oe2403sp2.aarch64.rpm edk2-debugsource-202308-26.oe2403sp2.aarch64.rpm edk2-devel-202308-26.oe2403sp2.aarch64.rpm edk2-debuginfo-202308-26.oe2403sp2.x86_64.rpm edk2-debugsource-202308-26.oe2403sp2.x86_64.rpm edk2-devel-202308-26.oe2403sp2.x86_64.rpm EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. 2025-10-11 CVE-2024-38805 openEuler-24.03-LTS-SP2 Medium 6.3 AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H edk2 security update 2025-10-11 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2386 EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability. 2025-10-11 CVE-2025-3770 openEuler-24.03-LTS-SP2 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H edk2 security update 2025-10-11 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2386