- What: Security update for EDK2
- Impact: Red Hat Enterprise Linux 10 systems using EDK2
RHSA-2026:18465 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: edk2 security update

Type/Severity
Security Advisory: Important

Topic
An update for edk2 is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):
- edk2: EDK2: Improper Input Validation allows arbitrary command execution (CVE-2025-2296)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for x86_64 10 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes
- BZ - 2420637 - CVE-2025-2296 edk2: EDK2: Improper Input Validation allows arbitrary command execution
- RHEL-118386 - [edk2,rhel-10] rebase to edk2-stable202511
- RHEL-112106 - [RHEL-10.1] TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
- RHEL-116433 - [edk2] memory logging does not work with sev-snp
- RHEL-138335 - [AmpereoneX] ArmConfigureMmu: The MaxAddress 0xFFFFFFFFFFFFF is not supported by this MMU configuration
- RHEL-147785 - [edk2] pick up openssl updates
- RHEL-150696 - edk2: Add JSON descriptors for uefi-vars builds

CVEs
- CVE-2025-2296

References
- https://access.redhat.com/security/updates/classification/#important
- https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 10
- SRPM: edk2-20251114-5.el10_2.src.rpm
- x86_64: edk2-ovmf-20251114-5.el10_2.noarch.rpm

Red Hat Enterprise Linux for ARM 64 10
- SRPM: edk2-20251114-5.el10_2.src.rpm
- aarch64: edk2-aarch64-20251114-5.el10_2.noarch.rpm

Red Hat CodeReady Linux Builder for x86_64 10
- x86_64: edk2-aarch64-20251114-5.el10_2.noarch.rpm
- x86_64: edk2-debugsource-20251114-5.el10_2.x86_64.rpm
- x86_64: edk2-tools-20251114-5.el10_2.x86_64.rpm
- x86_64: edk2-tools-debuginfo-20251114-5.el10_2.x86_64.rpm
- x86_64: edk2-tools-doc-20251114-5.el10_2.noarch.rpm

Red Hat CodeReady Linux Builder for Power, little endian 10
- ppc64le: edk2-aarch64-20251114-5.el10_2.noarch.rpm
- ppc64le: edk2-ovmf-20251114-5.el10_2.noarch.rpm

Red Hat CodeReady Linux Builder for ARM 64 10
- aarch64: edk2-debugsource-20251114-5.el10_2.aarch64.rpm
- aarch64: edk2-ovmf-20251114-5.el10_2.noarch.rpm
- aarch64: edk2-tools-20251114-5.el10_2.aarch64.rpm
- aarch64: edk2-tools-debuginfo-20251114-5.el10_2.aarch64.rpm
- aarch64: edk2-tools-doc-20251114-5.el10_2.noarch.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 10
- s390x: edk2-aarch64-20251114-5.el10_2.noarch.rpm
- s390x: edk2-ovmf-20251114-5.el10_2.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.