summaryrefslogtreecommitdiffstats
path: root/scripts/lib/devtool/runqemu.py
diff options
context:
space:
mode:
authorSoumya Sambu <soumya.sambu@windriver.com>2024-06-28 09:23:45 +0000
committerSteve Sakoman <steve@sakoman.com>2024-12-09 07:54:03 -0800
commit23e7248bd1d5e643f7c88a1f1d8502ff534c6021 (patch)
tree11becbdcdb01c77fe2087dd8032c85546df60691 /scripts/lib/devtool/runqemu.py
parenta2dfcc49028ff6a71179362cf1e7ed00798e2335 (diff)
downloadpoky-23e7248bd1d5e643f7c88a1f1d8502ff534c6021.tar.gz
ovmf: Fix CVE-2023-45234
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. References: https://nvd.nist.gov/vuln/detail/CVE-2023-45234 Upstream-patches: https://github.com/tianocore/edk2/commit/1b53515d53d303166b2bbd31e2cc7f16fd0aecd7 https://github.com/tianocore/edk2/commit/458c582685fc0e8057d2511c5a0394078d988c17 (From OE-Core rev: d9d9e66349ac0a2e58f54b104fb1b30f1633c1ab) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/devtool/runqemu.py')
0 files changed, 0 insertions, 0 deletions