From ce4a03734e7f196256a89a2e66229cd02c0c95e1 Mon Sep 17 00:00:00 2001 From: Azure Linux Security Servicing Account Date: Fri, 13 Feb 2026 00:14:46 +0530 Subject: [PATCH 1/7] [AutoPR- Security] Patch hvloader for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 [HIGH] (#15767) Signed-off-by: Kanishk Bansal Co-authored-by: BinduSri-6522866 Co-authored-by: Kanishk Bansal (cherry picked from commit 4f89bd840f3362a7815708823126f71ae1d9b19d) --- .../hvloader-signed/hvloader-signed.spec | 4 + SPECS/hvloader/CVE-2025-69419.patch | 56 ++++++++++++++ SPECS/hvloader/CVE-2025-69420.patch | 50 ++++++++++++ SPECS/hvloader/CVE-2025-69421.patch | 37 +++++++++ SPECS/hvloader/CVE-2026-22795.patch | 77 +++++++++++++++++++ SPECS/hvloader/hvloader.spec | 12 +++ 6 files changed, 236 insertions(+) create mode 100644 SPECS/hvloader/CVE-2025-69419.patch create mode 100644 SPECS/hvloader/CVE-2025-69420.patch create mode 100644 SPECS/hvloader/CVE-2025-69421.patch create mode 100644 SPECS/hvloader/CVE-2026-22795.patch diff --git a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec index 38f26295609..bfcb900ad3e 100644 --- a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec +++ b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec @@ -69,7 +69,11 @@ popd /boot/efi/HvLoader.efi %changelog +<<<<<<< HEAD * Mon Feb 02 2026 Azure Linux Security Servicing Account - 1.0.1-17 +======= +* Mon Feb 09 2026 Azure Linux Security Servicing Account - 1.0.1-17 +>>>>>>> 4f89bd840 ([AutoPR- Security] Patch hvloader for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 [HIGH] (#15767)) - Bump release for consistency with hvloader spec. * Tue Jan 06 2026 Azure Linux Security Servicing Account - 1.0.1-16 diff --git a/SPECS/hvloader/CVE-2025-69419.patch b/SPECS/hvloader/CVE-2025-69419.patch new file mode 100644 index 00000000000..49ea6929836 --- /dev/null +++ b/SPECS/hvloader/CVE-2025-69419.patch 
@@ -0,0 +1,56 @@
+From 7c55e722e1ee27020d9e52df9a194c2e3a5ab4de Mon Sep 17 00:00:00 2001
+From: AllSpark
+Date: Mon, 9 Feb 2026 11:04:29 +0000
+Subject: [PATCH] Check return code of UTF8_putc: handle failure in ASN.1
+ string conversion and PKCS12 UTF-8 emission per upstream patch. Preserves
+ comments from patch.
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: AI Backport of https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296.patch
+---
+ .../Library/OpensslLib/openssl/crypto/asn1/a_strex.c | 6 ++++--
+ .../OpensslLib/openssl/crypto/pkcs12/p12_utl.c | 11 +++++++++--
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c
+index 284dde27..843b0f94 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/a_strex.c
+@@ -203,8 +203,10 @@ static int do_buf(unsigned char *buf, int buflen,
+ orflags = CHARTYPE_LAST_ESC_2253;
+ if (type & BUF_TYPE_CONVUTF8) {
+ unsigned char utfbuf[6];
+- int utflen;
+- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++
++ if (utflen < 0)
++ return -1; /* error happened with UTF8 */
+ for (i = 0; i < utflen; i++) {
+ /*
+ * We don't need to worry about setting orflags correctly
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c
+index 43b9e3a5..1c6b59d5 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_utl.c
+@@ -207,8 +207,15 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
+ /* re-run the loop emitting UTF-8 string */
+ for (asclen = 0, i = 0; i < unilen; ) {
+ j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
+- if (j == 4) i += 4;
+- else i += 2;
+ /* when UTF8_putc fails */
++ if (j < 0) {
++ OPENSSL_free(asctmp);
++ return NULL;
++ }
++ if (j == 4)
++ i += 4;
++ else
++ i += 2;
+ asclen += j;
+ }
+
+--
+2.45.4
+
diff --git a/SPECS/hvloader/CVE-2025-69420.patch b/SPECS/hvloader/CVE-2025-69420.patch
new file mode 100644
index 00000000000..277703525b4
--- /dev/null
+++ b/SPECS/hvloader/CVE-2025-69420.patch
@@ -0,0 +1,50 @@
+From dbb834e047a19711836cb61561d9273e89f320fa Mon Sep 17 00:00:00 2001
+From: AllSpark
+Date: Mon, 9 Feb 2026 11:04:59 +0000
+Subject: [PATCH] Verify ASN1 object's types before attempting to access them
+ as a particular type
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Issue was reported in ossl_ess_get_signing_cert but is also present in ossl_ess_get_signing_cert_v2.
+
+Fixes: https://github.com/openssl/srt/issues/61
+Fixes CVE-2025-69420
+
+Reviewed-by: Norbert Pocs
+Reviewed-by: Saša Nedvědický
+Reviewed-by: Tomas Mraz
+MergeDate: Mon Jan 26 19:53:36 2026
+(cherry picked from commit ea8fc4c345fbd749048809c9f7c881ea656b0b94)
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: AI Backport of https://github.com/openssl/openssl/commit/ea8fc4c345fbd749048809c9f7c881ea656b0b94.patch
+---
+ .../Library/OpensslLib/openssl/crypto/ts/ts_rsp_verify.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/ts/ts_rsp_verify.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/ts/ts_rsp_verify.c
+index 7fe3d27e..5d452d26 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/ts/ts_rsp_verify.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/ts/ts_rsp_verify.c
+@@ -262,7 +262,7 @@ static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si)
+ ASN1_TYPE *attr;
+ const unsigned char *p;
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+- if (!attr)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+@@ -274,7 +274,7 @@ static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si)
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+- if (attr == NULL)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+--
+2.45.4
+
diff --git a/SPECS/hvloader/CVE-2025-69421.patch b/SPECS/hvloader/CVE-2025-69421.patch
new file mode 100644
index 00000000000..257ec5bd46c
--- /dev/null
+++ b/SPECS/hvloader/CVE-2025-69421.patch
@@ -0,0 +1,37 @@
+From d69f898077165b522ae19bf1a24b10c7a5367835 Mon Sep 17 00:00:00 2001
+From: AllSpark
+Date: Mon, 9 Feb 2026 11:05:00 +0000
+Subject: [PATCH] PKCS12_item_decrypt_d2i(): Check oct argument for NULL
+
+Backport of upstream fix to validate ASN1_OCTET_STRING argument before use.
+Prevents NULL dereference when oct is NULL.
+
+Inspired by upstream patch for PKCS12_item_decrypt_d2i_ex().
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: AI Backport of https://github.com/openssl/openssl/commit/2c13bf15286328641a805eb3b7c97e27d42881fb.patch
+---
+ .../Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c
+index 3c860584..85835734 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_decr.c
+@@ -88,6 +88,13 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ void *ret;
+ int outlen;
+
++
++ /* Check oct for NULL to avoid dereferencing a NULL pointer */
++ if (oct == NULL) {
++ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, ERR_R_PASSED_NULL_PARAMETER);
++ return NULL;
++ }
++
+ if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+ &out, &outlen, 0)) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
+--
+2.45.4
+
diff --git a/SPECS/hvloader/CVE-2026-22795.patch b/SPECS/hvloader/CVE-2026-22795.patch
new file mode 100644
index 00000000000..66858966f29
--- /dev/null
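Review bot: Both new `attr->type != V_ASN1_SEQUENCE` guards in CVE-2025-69420.patch return NULL, the same value these helpers return when the attribute is absent, so a malformed signingCertificate attribute becomes indistinguishable from a missing one. The callers are outside the hunks; it should be confirmed that they treat NULL from both ess_get_signing_cert and ess_get_signing_cert_v2 as a verification failure rather than as "no ESS constraint present". A one-line comment above each guard would record the reason, e.g. `/* value.sequence is only valid when type is V_ASN1_SEQUENCE */`.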
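Review bot: The header of CVE-2025-69421.patch says the change is "inspired by" the upstream fix for PKCS12_item_decrypt_d2i_ex(), a different function from the PKCS12_item_decrypt_d2i() patched here, so this hunk is a hand adaptation rather than a cherry-pick and the patch header should state what differs from the referenced upstream commit. The added block also begins with a blank line directly after the existing blank line following `int outlen;`, leaving two consecutive blank lines; dropping the first added blank keeps the vendored diff to the guard itself. The function body continues outside the hunk.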
+++ b/SPECS/hvloader/CVE-2026-22795.patch 
@@ -0,0 +1,77 @@
+From 1cbd2e0aef0cc6f6b6300408835cd6a3078c1ac4 Mon Sep 17 00:00:00 2001
+From: Bob Beck
+Date: Wed, 7 Jan 2026 11:29:48 -0700
+Subject: [PATCH] Ensure ASN1 types are checked before use.
+
+Some of these were fixed by LibreSSL in commit https://github.com/openbsd/src/commit/aa1f637d454961d22117b4353f98253e984b3ba8
+this fix includes the other fixes in that commit, as well as fixes for others found by a scan
+for a similar unvalidated access paradigm in the tree.
+
+Reviewed-by: Kurt Roeckx
+Reviewed-by: Shane Lontis
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/29582)
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49.patch
+---
+ CryptoPkg/Library/OpensslLib/openssl/apps/s_client.c | 3 ++-
+ .../OpensslLib/openssl/crypto/pkcs12/p12_kiss.c | 10 ++++++++--
+ .../Library/OpensslLib/openssl/crypto/pkcs7/pk7_doit.c | 2 ++
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/apps/s_client.c b/CryptoPkg/Library/OpensslLib/openssl/apps/s_client.c
+index 00effc80..6e8cc6e9 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/apps/s_client.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/apps/s_client.c
+@@ -2698,8 +2698,9 @@ int s_client_main(int argc, char **argv)
+ goto end;
+ }
+ atyp = ASN1_generate_nconf(genstr, cnf);
+- if (atyp == NULL) {
++ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
+ NCONF_free(cnf);
++ ASN1_TYPE_free(atyp);
+ BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+ goto end;
+ }
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_kiss.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_kiss.c
+index 7ab98385..d90404dd 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_kiss.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_kiss.c
+@@ -183,11 +183,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+ ASN1_BMPSTRING *fname = NULL;
+ ASN1_OCTET_STRING *lkid = NULL;
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) {
++ if (attrib->type != V_ASN1_BMPSTRING)
++ return 0;
+ fname = attrib->value.bmpstring;
++ }
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) {
++ if (attrib->type != V_ASN1_OCTET_STRING)
++ return 0;
+ lkid = attrib->value.octet_string;
++ }
+
+ switch (PKCS12_SAFEBAG_get_nid(bag)) {
+ case NID_keyBag:
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_doit.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_doit.c
+index f63fbc50..4e0eb1e8 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_doit.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_doit.c
+@@ -1092,6 +1092,8 @@ ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+ ASN1_TYPE *astype;
+ if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
+ return NULL;
++ if (astype->type != V_ASN1_OCTET_STRING)
++ return NULL;
+ return astype->value.octet_string;
+ }
+
+--
+2.45.4
+
diff --git a/SPECS/hvloader/hvloader.spec b/SPECS/hvloader/hvloader.spec
index fbe7989514c..523f1d2303e 100644
--- a/SPECS/hvloader/hvloader.spec
+++ b/SPECS/hvloader/hvloader.spec
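Review bot: In the embedded s_client.c hunk the widened condition now also catches a successfully generated value of the wrong type, but the message printed is still `ASN1_generate_nconf failed`, which misreports that case to whoever reads the log. In parse_bag the two new `return 0;` paths reject the bag without any error being queued in the visible lines, so a PKCS#12 refused for a mistyped friendlyName or localKeyID will surface only as a generic parse failure; a short comment above each type check, e.g. `/* reject rather than read the wrong union member */`, would record the intent. parse_bag and s_client_main both continue outside their hunks.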
@@ -37,9 +37,16 @@ Patch19: CVE-2024-38796.patch Patch20: CVE-2025-3770.patch Patch21: CVE-2025-2296.patch Patch22: CVE-2025-2295.patch +<<<<<<< HEAD Patch23: CVE-2025-68160.patch Patch24: CVE-2025-69418.patch Patch25: CVE-2026-22796.patch +======= +Patch23: CVE-2025-69419.patch +Patch24: CVE-2025-69420.patch +Patch25: CVE-2025-69421.patch +Patch26: CVE-2026-22795.patch +>>>>>>> 4f89bd840 ([AutoPR- Security] Patch hvloader for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 [HIGH] (#15767)) BuildRequires: bc BuildRequires: gcc @@ -85,8 +92,13 @@ cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{ /boot/efi/HvLoader.efi %changelog +<<<<<<< HEAD * Mon Feb 02 2026 Azure Linux Security Servicing Account - 1.0.1-17 - Patch for CVE-2026-22796, CVE-2025-68160, CVE-2025-69418 +======= +* Mon Feb 09 2026 Azure Linux Security Servicing Account - 1.0.1-17 +- Patch for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 +>>>>>>> 4f89bd840 ([AutoPR- Security] Patch hvloader for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 [HIGH] (#15767)) * Tue Jan 06 2026 Azure Linux Security Servicing Account - 1.0.1-16 - Patch for CVE-2025-2295 From 7d6513489ca41a1a169ad535922d2e2f0f001efb Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 12 Feb 2026 10:51:34 -0800 Subject: [PATCH 2/7] Conflicts resolved by Auto-Cherry Pick for SPECS-SIGNED/hvloader-signed/hvloader-signed.spec --- SPECS-SIGNED/hvloader-signed/hvloader-signed.spec | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec index bfcb900ad3e..e98773e18ca 100644 --- a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec +++ b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec 
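Review bot: Unresolved merge-conflict markers are committed into hvloader.spec in both hunks of PATCH 1/7: the `Patch23`–`Patch26` block and the top `%changelog` entry are wrapped in `<<<<<<< HEAD` / `=======` / `>>>>>>> 4f89bd840`, and the hvloader-signed.spec `%changelog` hunk of the same patch has the same markers. At this commit the spec defines Patch23–Patch25 twice with different CVE files and contains marker lines that are not spec syntax, so it will likely fail to parse and, if it did build, it would be unclear which fixes were applied. Later patches in the series resolve the markers, which argues for squashing before merge so that no intermediate commit is ever built or bisected to. A CI check that rejects lines matching `^(<<<<<<<|=======|>>>>>>>)` under SPECS and SPECS-SIGNED would catch this at PR time.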
@@ -69,11 +69,7 @@ popd /boot/efi/HvLoader.efi %changelog -<<<<<<< HEAD -* Mon Feb 02 2026 Azure Linux Security Servicing Account - 1.0.1-17 -======= * Mon Feb 09 2026 Azure Linux Security Servicing Account - 1.0.1-17 ->>>>>>> 4f89bd840 ([AutoPR- Security] Patch hvloader for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 [HIGH] (#15767)) - Bump release for consistency with hvloader spec. * Tue Jan 06 2026 Azure Linux Security Servicing Account - 1.0.1-16 @@ -82,6 +78,9 @@ popd * Thu Nov 20 2025 Jyoti kanase - 1.0.1-15 - Bump release for consistency with hvloader spec. +* Thu Nov 20 2025 Jyoti kanase - 1.0.1-15 +- Bump release for consistency with hvloader spec. + * Tue Aug 12 2025 Azure Linux Security Servicing Account - 1.0.1-14 - Bump release for consistency with hvloader spec. From df3b31c3e0b35b8164bfe98751cf1a75ebcddb92 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 12 Feb 2026 10:51:35 -0800 Subject: [PATCH 3/7] Conflicts resolved by Auto-Cherry Pick for SPECS/hvloader/hvloader.spec --- SPECS/hvloader/hvloader.spec | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/SPECS/hvloader/hvloader.spec b/SPECS/hvloader/hvloader.spec index 523f1d2303e..52b31aa23df 100644 --- a/SPECS/hvloader/hvloader.spec +++ b/SPECS/hvloader/hvloader.spec @@ -37,16 +37,10 @@ Patch19: CVE-2024-38796.patch Patch20: CVE-2025-3770.patch Patch21: CVE-2025-2296.patch Patch22: CVE-2025-2295.patch -<<<<<<< HEAD -Patch23: CVE-2025-68160.patch -Patch24: CVE-2025-69418.patch -Patch25: CVE-2026-22796.patch -======= Patch23: CVE-2025-69419.patch Patch24: CVE-2025-69420.patch Patch25: CVE-2025-69421.patch Patch26: CVE-2026-22795.patch ->>>>>>> 4f89bd840 ([AutoPR- Security] Patch hvloader for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 [HIGH] (#15767)) BuildRequires: bc BuildRequires: gcc 
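Review bot: The PATCH 3/7 resolution of hvloader.spec keeps only the incoming side of the conflict, so `Patch23: CVE-2025-68160.patch`, `Patch24: CVE-2025-69418.patch` and `Patch25: CVE-2026-22796.patch` from HEAD disappear from the spec at this commit and return only in PATCH 5/7 as Patch27–Patch29. A build or bisect that lands on 3/7 or 4/7 produces an HvLoader.efi without those three fixes while `Release` is still 17, the same release whose HEAD changelog entry claimed them. Resolving by keeping both sides in one commit (HEAD's Patch23–25 followed by the four new entries, renumbered) would avoid the regressed window. The PATCH 2/7 auto-resolution of hvloader-signed.spec also adds a second copy of the `* Thu Nov 20 2025 Jyoti kanase - 1.0.1-15` changelog entry, which no later patch on this page removes.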
@@ -92,13 +86,8 @@ cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{ /boot/efi/HvLoader.efi %changelog -<<<<<<< HEAD -* Mon Feb 02 2026 Azure Linux Security Servicing Account - 1.0.1-17 -- Patch for CVE-2026-22796, CVE-2025-68160, CVE-2025-69418 -======= * Mon Feb 09 2026 Azure Linux Security Servicing Account - 1.0.1-17 - Patch for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 ->>>>>>> 4f89bd840 ([AutoPR- Security] Patch hvloader for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 [HIGH] (#15767)) * Tue Jan 06 2026 Azure Linux Security Servicing Account - 1.0.1-16 - Patch for CVE-2025-2295 From b21c6c69e06c1d08a9b157226a2e73b272c69a74 Mon Sep 17 00:00:00 2001 From: jslobodzian Date: Sun, 15 Feb 2026 12:33:58 -0700 Subject: [PATCH 4/7] Bump release version to 1.0.1-18 Updated changelog to reflect new release version. --- SPECS-SIGNED/hvloader-signed/hvloader-signed.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec index e98773e18ca..5870b110306 100644 --- a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec +++ b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec @@ -69,6 +69,9 @@ popd /boot/efi/HvLoader.efi %changelog +* Mon Feb 15 2026 Azure Linux Security Servicing Account - 1.0.1-18 +- Bump release for consistency with hvloader spec. + * Mon Feb 09 2026 Azure Linux Security Servicing Account - 1.0.1-17 - Bump release for consistency with hvloader spec. From 7bebb3cf29c128e17502228f771fad84229c14a4 Mon Sep 17 00:00:00 2001 From: jslobodzian Date: Sun, 15 Feb 2026 12:37:16 -0700 Subject: [PATCH 5/7] Bump release to 18 and add CVE patches Updated release number and added patches for CVEs. --- SPECS/hvloader/hvloader.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/SPECS/hvloader/hvloader.spec b/SPECS/hvloader/hvloader.spec index 52b31aa23df..3fb01a020e0 100644 
--- a/SPECS/hvloader/hvloader.spec +++ b/SPECS/hvloader/hvloader.spec @@ -4,7 +4,7 @@ Summary: HvLoader.efi is an EFI application for loading an external hypervisor loader. Name: hvloader Version: 1.0.1 -Release: 17%{?dist} +Release: 18%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -41,6 +41,10 @@ Patch23: CVE-2025-69419.patch Patch24: CVE-2025-69420.patch Patch25: CVE-2025-69421.patch Patch26: CVE-2026-22795.patch +Patch27: CVE-2025-68160.patch +Patch28: CVE-2025-69418.patch +Patch29: CVE-2026-22796.patch + BuildRequires: bc BuildRequires: gcc @@ -86,6 +90,9 @@ cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{ /boot/efi/HvLoader.efi %changelog +* Sun Feb 15 2026 Azure Linux Security Servicing Account - 1.0.1-18 +- Patch for CVE-2026-22796, CVE-2025-68160, CVE-2025-69418 + * Mon Feb 09 2026 Azure Linux Security Servicing Account - 1.0.1-17 - Patch for CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419 From 01e813bd8cfe54e12d8cc5928a1bd378f6daa74e Mon Sep 17 00:00:00 2001 From: jslobodzian Date: Sun, 15 Feb 2026 12:37:39 -0700 Subject: [PATCH 6/7] Increment release version to 18 --- SPECS-SIGNED/hvloader-signed/hvloader-signed.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec index 5870b110306..641ab9d9039 100644 --- a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec +++ b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec @@ -6,7 +6,7 @@ Summary: Signed HvLoader.efi for %{buildarch} systems Name: hvloader-signed-%{buildarch} Version: 1.0.1 -Release: 17%{?dist} +Release: 18%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner From a5fac63e4925af1da224f9d13fb8ca9ff7e78570 Mon Sep 17 00:00:00 2001 
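Review bot: Re-adding the three HEAD fixes as `Patch27`–`Patch29` in PATCH 5/7 changes the order in which they apply: on HEAD they were Patch23–25, and each set of patches was generated against a tree that lacked the other, so whichever set now applies second sees context it was not made for. The three .patch files are not part of this series and cannot be checked here; CVE-2026-22795.patch already edits pk7_doit.c, p12_kiss.c and s_client.c, and if CVE-2026-22796.patch or the others touch the same functions their hunks may apply with fuzz or be rejected. The `%prep` section is outside these hunks, so it should also be confirmed that patches are applied by `%autosetup` or `%autopatch` rather than by explicit per-number `%patch` lines, otherwise the new tags are declared but never applied. The build log for 1.0.1-18 should show all seven patches applying cleanly.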
From: jslobodzian Date: Sun, 15 Feb 2026 12:47:41 -0700 Subject: [PATCH 7/7] Update changelog date for consistency --- SPECS-SIGNED/hvloader-signed/hvloader-signed.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec index 641ab9d9039..4b5b39ce361 100644 --- a/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec +++ b/SPECS-SIGNED/hvloader-signed/hvloader-signed.spec @@ -69,7 +69,7 @@ popd /boot/efi/HvLoader.efi %changelog -* Mon Feb 15 2026 Azure Linux Security Servicing Account - 1.0.1-18 +* Sun Feb 15 2026 Azure Linux Security Servicing Account - 1.0.1-18 - Bump release for consistency with hvloader spec. * Mon Feb 09 2026 Azure Linux Security Servicing Account - 1.0.1-17