ALAS2-2025-2975

Amazon Linux 2 Security Advisory: ALAS2-2025-2975
Advisory Released Date: 2025-08-19
Advisory Updated Date: 2025-08-19

Severity: Important

References: CVE-2025-3770
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

EDK2 contains a vulnerability in BIOS where an attacker may cause "Protection Mechanism Failure" by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability. (CVE-2025-3770)

Affected Packages:

edk2

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update edk2 or yum update --advisory ALAS2-2025-2975 to update your system.

New Packages:

aarch64:
    edk2-tools-20240813-302.amzn2.aarch64
    edk2-debuginfo-20240813-302.amzn2.aarch64

noarch:
    edk2-ovmf-20240813-302.amzn2.noarch
    edk2-tools-doc-20240813-302.amzn2.noarch
    edk2-aarch64-20240813-302.amzn2.noarch

src:
    edk2-20240813-302.amzn2.src

x86_64:
    edk2-tools-20240813-302.amzn2.x86_64
    edk2-debuginfo-20240813-302.amzn2.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2025-3770

Mitre: CVE-2025-3770