ovmf: Fix CVE-2023-45237 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-08-02 03:34:33 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:03 -0800
commit	4c2d3e37308cac98614dfafed79b7323423af8bc (patch)
tree	17bda8fe3760d2faec6f3601bdf257f0d108c33c /scripts/lib/devtool/build.py
parent	3a7159d8d87d665cea93e2dc52201eb3dfbc46b9 (diff)
download	poky-4c2d3e37308cac98614dfafed79b7323423af8bc.tar.gz

ovmf: Fix CVE-2023-45237

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. References: https://nvd.nist.gov/vuln/detail/CVE-2023-45237 Upstream-patches: https://github.com/tianocore/edk2/commit/cf07238e5fa4f8b1138ac1c9e80530b4d4e59f1c https://github.com/tianocore/edk2/commit/4c4ceb2ceb80c42fd5545b2a4bd80321f07f4345 (From OE-Core rev: 6f8bdaad9d22e65108f859a695277ce1b20ef7c6) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/build.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: