ovmf: Fix CVE-2023-45236 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-08-02 03:38:03 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:03 -0800
commit	dd8ed68222f9249766bb4c376833d7d63d601c41 (patch)
tree	04ea38afcf1739205c31b4031d56ca51bc7436fb /scripts/lib/devtool/package.py
parent	4c2d3e37308cac98614dfafed79b7323423af8bc (diff)
download	poky-dd8ed68222f9249766bb4c376833d7d63d601c41.tar.gz

ovmf: Fix CVE-2023-45236

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. References: https://nvd.nist.gov/vuln/detail/CVE-2023-45236 Upstream-patch: https://github.com/tianocore/edk2/commit/1904a64bcc18199738e5be183d28887ac5d837d7 (From OE-Core rev: a9cd3321558e95f61ed4c5eca0dcf5a3f4704925) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/package.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: