summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/images
diff options
context:
space:
mode:
authorXiangyu Chen <xiangyu.chen@windriver.com>2023-11-12 20:57:44 +0800
committerSteve Sakoman <steve@sakoman.com>2023-11-13 12:22:20 -1000
commit7f366c7d843d979e7b2c33f76cc8723f281cb890 (patch)
tree86bc51079997e0644739594c64853be1f1934f9d /meta/recipes-core/images
parentc0c48c613df5a1f9d397398a9817e843c01d991e (diff)
downloadpoky-7f366c7d843d979e7b2c33f76cc8723f281cb890.tar.gz
grub: Fix for CVE-2023-4692 and CVE-2023-4693
CVE: CVE-2023-4692 Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass. Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea] CVE: CVE-2023-4693 There an out-of-bounds read at fs/ntfs.c, a physically present attacker may leverage that by presenting a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack may allow sensitive data cached in memory or EFI variables values to be leaked presenting a high Confidentiality risk. Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0ed2458cc4eff6d9a9199527e2a0b6d445802f94] (From OE-Core rev: 51236150a3740d95e3601499d3918af5a37f8f86) Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit: a8bc6f041599ce8da275c163c87f155a2f09369c) Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core/images')
0 files changed, 0 insertions, 0 deletions