Your message dated Sat, 27 Dec 2025 19:00:53 +0000
with message-id <[email protected]>
and subject line Bug#1122288: fixed in edk2 2025.11-1
has caused the Debian Bug report #1122288,
regarding edk2: CVE-2024-38798
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1122288: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122288
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: edk2
Version: 2025.08.01-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for edk2.
CVE-2024-38798[0]:
| EDK2 contains a vulnerability in BIOS where an attacker may cause
| “Exposure of Sensitive Information to an Unauthorized Actor” by
| local access. Successful exploitation of this vulnerability will
| lead to possible information disclosure or escalation of privilege
| and impact Confidentiality.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-38798
https://www.cve.org/CVERecord?id=CVE-2024-38798
[1] https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: edk2
Source-Version: 2025.11-1
Done: dann frazier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
edk2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <[email protected]> (supplier of updated edk2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 21 Dec 2025 18:44:07 -0700
Source: edk2
Binary: efi-shell-aa64 efi-shell-loongarch64 efi-shell-riscv64 efi-shell-x64
ovmf ovmf-amdsev ovmf-generic ovmf-inteltdx qemu-efi-aarch64
qemu-efi-loongarch64 qemu-efi-riscv64
Architecture: source all
Version: 2025.11-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: dann frazier <[email protected]>
Description:
efi-shell-aa64 - UEFI Shell for 64-bit ARM architecture
efi-shell-loongarch64 - UEFI Shell for 64-bit LoongArch architecture
efi-shell-riscv64 - UEFI Shell for 64-bit RISC-V architecture
efi-shell-x64 - UEFI Shell for 64-bit x86 architecture
ovmf - UEFI firmware for 64-bit x86 virtual machines
ovmf-amdsev - UEFI firmware for AMD SEV-SNP confidential virtual machines
ovmf-generic - UEFI firmware for 64-bit x86 virtual machines
ovmf-inteltdx - UEFI firmware for Intel TDX confidential virtual machines
qemu-efi-aarch64 - UEFI firmware for 64-bit ARM virtual machines
qemu-efi-loongarch64 - UEFI firmware for LoongArch64 virtual machines
qemu-efi-riscv64 - UEFI firmware for RISCV64 virtual machines
Closes: 1122288
Changes:
 edk2 (2025.11-1) unstable; urgency=medium
 .
   * New upstream release, based on edk2-stable202511 tag.
     - Refresh patches:
       + no-stack-protector-all-archs.diff
       + brotlicompress-disable.diff
       + x64-baseline-abi.patch
       + fix_nasm_compile.patch
     - Clear keyboard queue buffer to avoid leaking the password
       string, CVE-2024-38798. (Closes: #1122288)
   * Remove qemu-efi-arm, upstream has removed support for it.
   * Remove ovmf-ia32, upstream has removed support for it.
   * Split ovmf out into ovmf-generic, ovmf-amdsev, ovmf-inteltdx,
     and transition ovmf into a metapackage that depends on each
     of them. This lets users install only the packages that are
     usable on their CPUs.
   * d/control, d/tests/control: Use architecture-specific qemu-system
     virtual packages.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---