grub: Fix for CVE-2023-4692 and CVE-2023-4693 - linux/poky.git

diff options

author	Xiangyu Chen <xiangyu.chen@windriver.com>	2023-11-09 12:35:29 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-11-10 17:44:27 +0000
commit	8e73cd04459eb6e5feac9331f3381a5fc8f5367a (patch)
tree	ebb1820d9ca8208995e34797dc86cce132524d47 /documentation/set_versions.py
parent	1f5d257006cc5dd0d676c4a7ebe4ea89b773e137 (diff)
download	poky-8e73cd04459eb6e5feac9331f3381a5fc8f5367a.tar.gz

grub: Fix for CVE-2023-4692 and CVE-2023-4693

CVE: CVE-2023-4692 Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass. Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea] CVE: CVE-2023-4693 There an out-of-bounds read at fs/ntfs.c, a physically present attacker may leverage that by presenting a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack may allow sensitive data cached in memory or EFI variables values to be leaked presenting a high Confidentiality risk. Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0ed2458cc4eff6d9a9199527e2a0b6d445802f94] (From OE-Core rev: a8bc6f041599ce8da275c163c87f155a2f09369c) Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'documentation/set_versions.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: