libpam: fix CVE-2024-10041 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2024-12-09 13:18:26 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-13 05:21:54 -0800
commit	a5e0237596b3d4b7026bba75c6cc6e5f44bc8197 (patch)
tree	40db01b9cd44e9b79fb6dc6e632a22133e66e43b /scripts/lib/devtool/runqemu.py
parent	cbafea41f5fa7f196d159b32171e9a693150a08b (diff)
download	poky-a5e0237596b3d4b7026bba75c6cc6e5f44bc8197.tar.gz

libpam: fix CVE-2024-10041

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. References: https://security-tracker.debian.org/tracker/CVE-2024-10041 Upstream patches: https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be (From OE-Core rev: 0e76d9bf150ac3bf96081cc1bda07e03e16fe994) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/runqemu.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: