VMware UEFI Firmware Update Fixes Cryptographic Vulnerability
SUSE-SU-2026:1413-1
Summary
This update addresses a vulnerability in the mbedtls library used in VMware UEFI Firmware (the ovmf package). Timing differences in how cipher errors are reported make a padding oracle attack possible (CVE-2025-59438), which could potentially allow unauthorized access to sensitive data. Affected users should apply the update to ensure their systems remain secure.
What to do
- Update ovmf to version 202408-150700.3.15.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Module for Package Hub 15 SP7 | – | ovmf | < 202408-150700.3.15.1 (fix: upgrade to 202408-150700.3.15.1) |
| SUSE:Linux Enterprise Module for Server Applications 15 SP7 | – | ovmf | < 202408-150700.3.15.1 (fix: upgrade to 202408-150700.3.15.1) |
Original title
Security update for ovmf
Original description
This update for ovmf fixes the following issue:
- CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261413-1/ Vendor Advisory
- https://bugzilla.suse.com/1252441 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2025-59438 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026