
Ubuntu 22.04 LTS EDK II Critical Denial of Service Flaws USN-7894-1

November 26, 2025
Important security issues fixed in EDK II for various Ubuntu releases, requiring immediate action against potential threats.
Several security issues were fixed in EDK II.

Summary

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary: Several security issues were fixed in EDK II.

Software Description:
- edk2: UEFI firmware for virtual machines

Details:

It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue to gain unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2023-45236, CVE-2023-45237)

It was discovered that EDK II incorrectly handled S3 sleep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)

It was discovered that the EDK II PE/COFF loader incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. This issue only affected Ubuntu 22.0...

Update Instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04
- ovmf 2025.02-3ubuntu2.2
- ovmf-ia32 2025.02-3ubuntu2.2
- qemu-efi-aarch64 2025.02-3ubuntu2.2
- qemu-efi-arm 2025.02-3ubuntu2.2
- qemu-efi-loongarch64 2025.02-3ubuntu2.2
- qemu-efi-riscv64 2025.02-3ubuntu2.2

Ubuntu 24.04 LTS
- ovmf 2024.02-2ubuntu0.6
- ovmf-ia32 2024.02-2ubuntu0.6
- qemu-efi-aarch64 2024.02-2ubuntu0.6
- qemu-efi-arm 2024.02-2ubuntu0.6
- qemu-efi-riscv64 2024.02-2ubuntu0.6

Ubuntu 22.04 LTS
- ovmf 2022.02-3ubuntu0.22.04.4
- ovmf-ia32 2022.02-3ubuntu0.22.04.4
- qemu-efi 2022.02-3ubuntu0.22.04.4
- qemu-efi-aarch64 2022.02-3ubuntu0.22.04.4
- qemu-efi-arm 2022.02-3ubuntu0.22.04.4

After a standard system update you need to restart the virtual machines that use the affected firmware to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7894-1

CVE-2021-3712, CVE-2022-0778, CVE-2022-4304, CVE-2022-4450,
CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817,
CVE-2023-45236, CVE-2023-45237, CVE-2023-5678, CVE-2023-6237,
CVE-2024-0727, CVE-2024-1298, CVE-2024-13176, CVE-2024-2511,
CVE-2024-38796, CVE-2024-38797, CVE-2024-38805, CVE-2024-4741,
CVE-2024-5535, CVE-2024-6119, CVE-2024-9143, CVE-2025-2295,
CVE-2025-3770, CVE-2025-9232

Severity
critical

Ubuntu Security Notice USN-7894-1

Package Information

https://launchpad.net/ubuntu/+source/edk2/2025.02-3ubuntu2.2
https://launchpad.net/ubuntu/+source/edk2/2022.02-3ubuntu0.22.04.4
