path: root/scripts/lib/devtool/package.py
author: Soumya Sambu <soumya.sambu@windriver.com> 2024-06-28 09:09:53 +0000
committer: Steve Sakoman <steve@sakoman.com> 2024-12-09 07:54:03 -0800
commit: a2dfcc49028ff6a71179362cf1e7ed00798e2335
tree: 1eb0aba8afa6b9d704678de0117fac055c3925b2 /scripts/lib/devtool/package.py
parent: 9bd68aeb6678c60833965aa3d5bd31a7cef3d45c
download: poky-a2dfcc49028ff6a71179362cf1e7ed00798e2335.tar.gz

ovmf: Fix CVE-2023-45232, CVE-2023-45233

CVE-2023-45232:
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

CVE-2023-45233:
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45232
https://nvd.nist.gov/vuln/detail/CVE-2023-45233

Upstream-patches:
https://github.com/tianocore/edk2/commit/4df0229ef992d4f2721a8508787ebf9dc81fbd6e
https://github.com/tianocore/edk2/commit/c9c87f08dd6ace36fa843424522c3558a8374cac

(From OE-Core rev: c84eb03f07687d2e0df1e2033599fa2cf79c6b4d)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/package.py')
0 files changed, 0 insertions, 0 deletions