ovmf: Fix CVE-2022-36765 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-08-02 03:44:49 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:03 -0800
commit	e8a9aac72d6336aa5e8b2782676bd6015b1c3fde (patch)
tree	910b184cbbcc6fe6c02d0625bcf36dc6fc07b60a /scripts/lib/devtool/menuconfig.py
parent	dd8ed68222f9249766bb4c376833d7d63d601c41 (diff)
download	poky-e8a9aac72d6336aa5e8b2782676bd6015b1c3fde.tar.gz

ovmf: Fix CVE-2022-36765

EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. References: https://nvd.nist.gov/vuln/detail/CVE-2022-36765 Upstream-patches: https://github.com/tianocore/edk2/commit/59f024c76ee57c2bec84794536302fc770cd6ec2 https://github.com/tianocore/edk2/commit/aeaee8944f0eaacbf4cdf39279785b9ba4836bb6 https://github.com/tianocore/edk2/commit/9a75b030cf27d2530444e9a2f9f11867f79bf679 (From OE-Core rev: 260fc2182e6a83d7c93b2e8efd95255cd9168a79) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/menuconfig.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: