path: root/scripts/lib/checklayer/__init__.py
author: Hongxu Jia <hongxu.jia@windriver.com> 2025-06-12 20:43:17 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-06-16 17:57:29 +0100
commit: c169e5d26a0d7d377d1b985543a715cab169c55c
tree: c2499c273b68fb4181d06d77e49a6d2c49379e6b /scripts/lib/checklayer/__init__.py
parent: 6ed03701e37b460810a3702cd5b5798c104abcc0
ovmf: fix CVE-2024-38797
According to [1]: EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.

Backport fixes from upstream edk2 [2][3]

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-38797
[2] https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
[3] https://github.com/tianocore/edk2/pull/10928

(From OE-Core rev: a94550098d821e0055020a7d866648a761efcade)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/lib/checklayer/__init__.py')
0 files changed, 0 insertions, 0 deletions