ovmf: Fix CVE-2023-45234 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-06-28 09:23:45 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:03 -0800
commit	23e7248bd1d5e643f7c88a1f1d8502ff534c6021 (patch)
tree	11becbdcdb01c77fe2087dd8032c85546df60691 /scripts/lib/devtool/package.py
parent	a2dfcc49028ff6a71179362cf1e7ed00798e2335 (diff)
download	poky-23e7248bd1d5e643f7c88a1f1d8502ff534c6021.tar.gz

ovmf: Fix CVE-2023-45234

EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. References: https://nvd.nist.gov/vuln/detail/CVE-2023-45234 Upstream-patches: https://github.com/tianocore/edk2/commit/1b53515d53d303166b2bbd31e2cc7f16fd0aecd7 https://github.com/tianocore/edk2/commit/458c582685fc0e8057d2511c5a0394078d988c17 (From OE-Core rev: d9d9e66349ac0a2e58f54b104fb1b30f1633c1ab) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/package.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: