ovmf: Fix CVE-2023-45229 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-06-28 09:42:17 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:03 -0800
commit	3a7159d8d87d665cea93e2dc52201eb3dfbc46b9 (patch)
tree	eb37af39a2300cf6832ea63738b1b4287dc6d831 /scripts/lib/devtool/search.py
parent	5133058e11e93b24113517cf39d6c1e7430b597e (diff)
download	poky-3a7159d8d87d665cea93e2dc52201eb3dfbc46b9.tar.gz

ovmf: Fix CVE-2023-45229

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. References: https://nvd.nist.gov/vuln/detail/CVE-2023-45229 Upstream-patches: https://github.com/tianocore/edk2/commit/1dbb10cc52dc8ef49bb700daa1cefc76b26d52e0 https://github.com/tianocore/edk2/commit/07362769ab7a7d74dbea1c7a7a3662c7b5d1f097 https://github.com/tianocore/edk2/commit/1c440a5eceedc64e892877eeac0f1a4938f5abbb https://github.com/tianocore/edk2/commit/1d0b95f6457d225c5108302a9da74b4ed7aa5a38 (From OE-Core rev: 23a87c571ae4cdd285a96af0d458906aaf8c4571) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/search.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: