- What: Security update for edk2 in Red Hat Enterprise Linux 10
- Impact: Systems using UEFI firmware may be vulnerable if not updated
Red Hat Product Errata
RHSA-2026:18320 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Moderate: edk2 security update

Type/Severity
Security Advisory: Moderate

Topic
An update for edk2 is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
- openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for x86_64 10 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes
- BZ - 2396054 - CVE-2025-9230 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
- RHEL-111718 - [edk2,rhel-10] rebase to edk2-stable202508
- RHEL-109548 - [aarch64][edk2] missing DBXUpdate-${date}.aa64.bin
- RHEL-126085 - [edk2,rhel-10] dbx update to 20251016 / v1.6.1

CVEs
- CVE-2025-9230

References
- https://access.redhat.com/security/updates/classification/#moderate
- https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index

Note: More recent versions of these packages may be available.
Updated Packages

Red Hat Enterprise Linux for x86_64 10
SRPM:
- edk2-20250822-4.el10.src.rpm
x86_64:
- edk2-ovmf-20250822-4.el10.noarch.rpm

Red Hat Enterprise Linux for ARM 64 10
SRPM:
- edk2-20250822-4.el10.src.rpm
aarch64:
- edk2-aarch64-20250822-4.el10.noarch.rpm

Red Hat CodeReady Linux Builder for x86_64 10
x86_64:
- edk2-aarch64-20250822-4.el10.noarch.rpm
- edk2-debugsource-20250822-4.el10.x86_64.rpm
- edk2-tools-20250822-4.el10.x86_64.rpm
- edk2-tools-debuginfo-20250822-4.el10.x86_64.rpm
- edk2-tools-doc-20250822-4.el10.noarch.rpm

Red Hat CodeReady Linux Builder for Power, little endian 10
ppc64le:
- edk2-aarch64-20250822-4.el10.noarch.rpm
- edk2-ovmf-20250822-4.el10.noarch.rpm

Red Hat CodeReady Linux Builder for ARM 64 10
aarch64:
- edk2-debugsource-20250822-4.el10.aarch64.rpm
- edk2-ovmf-20250822-4.el10.noarch.rpm
- edk2-tools-20250822-4.el10.aarch64.rpm
- edk2-tools-debuginfo-20250822-4.el10.aarch64.rpm
- edk2-tools-doc-20250822-4.el10.noarch.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 10
s390x:
- edk2-aarch64-20250822-4.el10.noarch.rpm
- edk2-ovmf-20250822-4.el10.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.