ovmf: fix CVE-2025-2295 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Hongxu Jia <hongxu.jia@windriver.com>	2025-04-07 19:37:13 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-04-10 11:05:34 +0100
commit	db026b59724c1115167238be050c989212eb6ac2 (patch)
tree	27e13eb990c05bb889078085ab1e53221f5b67ca /scripts/lib/devtool/build_sdk.py
parent	b9139b242e500a9f7ce9671d258439d0e57c2086 (diff)
download	poky-db026b59724c1115167238be050c989212eb6ac2.tar.gz

ovmf: fix CVE-2025-2295

According to [1], EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. Refer debian [2], backport a patch from edk2 [3] to fix CVE-2025-2295 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2295 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594 [3] https://github.com/tianocore/edk2/commit/17cdc512f02a2dfd1b9e24133da56fdda099abda (From OE-Core rev: 0f59dec939cf0d313b1b01b1e7bf10e059d9d0ac) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/devtool/build_sdk.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: