ovmf: Fix CVE-2022-36763 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-06-28 08:37:27 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:02 -0800
commit	ecf0eb5229631497429dbbc91d885b93a94c38c9 (patch)
tree	b76127e7aff8ac7536c62eefeed714fe46b1eff3 /scripts/lib/devtool/build.py
parent	0bffb5eed1e8c9469b9c6e0d77f959dc9ade9c6a (diff)
download	poky-ecf0eb5229631497429dbbc91d885b93a94c38c9.tar.gz

ovmf: Fix CVE-2022-36763

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. References: https://nvd.nist.gov/vuln/detail/CVE-2022-36763 Upstream-patches: https://github.com/tianocore/edk2/commit/224446543206450ddb5830e6abd026d61d3c7f4b https://github.com/tianocore/edk2/commit/4776a1b39ee08fc45c70c1eab5a0195f325000d3 https://github.com/tianocore/edk2/commit/1ddcb9fc6b4164e882687b031e8beacfcf7df29e (From OE-Core rev: 26db24533f9f32c32189e4621102b628a9ea6729) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/build.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: