libpam: fix CVE-2024-10041 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2024-12-09 13:26:07 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-16 05:58:03 -0800
commit	2a6fc7fbf2a772464dbf55dc3a645a042e93d866 (patch)
tree	c0437f15bd68c2ab86fc02a158ab10e7930531a4 /meta/classes/devshell.bbclass
parent	c6bb0ec77c745e060ef938e7f13d2e6a76774d98 (diff)
download	poky-2a6fc7fbf2a772464dbf55dc3a645a042e93d866.tar.gz

libpam: fix CVE-2024-10041

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. References: https://security-tracker.debian.org/tracker/CVE-2024-10041 Upstream patches: https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be (From OE-Core rev: 3422c2533caaa2664944315580c52a2272815305) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/classes/devshell.bbclass')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: