ofono: fix CVE-2023-2794 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2024-08-08 05:22:03 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-08-16 08:09:14 -0700
commit	204b28c41977cac9d1b428b490aaf7441140e92a (patch)
tree	f1986b19143929463c3ef640e2376ea860a6fafc /meta/recipes-devtools/python/python3-installer
parent	6313a595f9b5e0764701db134e91e2f1d7b72fa5 (diff)
download	poky-204b28c41977cac9d1b428b490aaf7441140e92a.tar.gz

ofono: fix CVE-2023-2794

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver(). Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-2794 Upstream patches: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682 https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400 https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8fa1fdfcb54e1edb588c6a5e2688880b065a39c9 (From OE-Core rev: 5114e9064dbabd5258f512cd97c79fc40f848b98) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-devtools/python/python3-installer')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: