{"id":"ALSA-2026:36721","summary":"Moderate: edk2 security, bug fix, and enhancement update","details":"EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.   \n\nSecurity Fix(es):  \n\n  * openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)\n\n\nBug Fix(es) and Enhancement(s):  \n\n  * [FJ8.10 Bug] How to Update Secure Boot Certificates with Microsoft 2023 in KVM Guests (JIRA:AlmaLinux-151949)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-07-09T14:00:05.592242824Z","published":"2026-07-08T00:00:00Z","related":["CVE-2025-9230"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:36721"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-9230"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2396054"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2026-36721.html"}],"affected":[{"package":{"name":"edk2-aarch64","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/edk2-aarch64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20220126gitbb1bba3d77-13.el8_10.10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:36721.json"}},{"package":{"name":"edk2-ovmf","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/edk2-ovmf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20220126gitbb1bba3d77-13.el8_10.10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:36721.json"}}],"schema_version":"1.7.5"}