ovmf: Fix CVE-2023-45230 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-06-28 08:56:23 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:03 -0800
commit	8975a92de5dc34e4fb6a2842acb3482ebe1fbd1c (patch)
tree	c1d916471094761fb7602c4d97229dd167931ca2 /scripts/lib/devtool/build_image.py
parent	de62335badbd1481b9d5944ee05fd257b1fb9de4 (diff)
download	poky-8975a92de5dc34e4fb6a2842acb3482ebe1fbd1c.tar.gz

ovmf: Fix CVE-2023-45230

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. References: https://nvd.nist.gov/vuln/detail/CVE-2023-45230 Upstream-patches: https://github.com/tianocore/edk2/commit/f31453e8d6542461d92d835e0b79fec8b039174d https://github.com/tianocore/edk2/commit/5f3658197bf29c83b3349b0ab1d99cdb0c3814bc (From OE-Core rev: 50b50174f057a9a5fb9773e67b4f183ae942ff10) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/build_image.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: