ovmf: Fix CVE-2022-36764 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-06-28 08:45:11 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:02 -0800
commit	de62335badbd1481b9d5944ee05fd257b1fb9de4 (patch)
tree	e9e48927744d32c6941860562137a6973fdc8231 /scripts/lib/scriptpath.py
parent	ecf0eb5229631497429dbbc91d885b93a94c38c9 (diff)
download	poky-de62335badbd1481b9d5944ee05fd257b1fb9de4.tar.gz

ovmf: Fix CVE-2022-36764

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. References: https://nvd.nist.gov/vuln/detail/CVE-2022-36764 Upstream-patches: https://github.com/tianocore/edk2/commit/c7b27944218130cca3bbb20314ba5b88b5de4aa4 https://github.com/tianocore/edk2/commit/0d341c01eeabe0ab5e76693b36e728b8f538a40e https://github.com/tianocore/edk2/commit/8f6d343ae639fba8e4b80e45257275e23083431f (From OE-Core rev: aba14824159e549fd77cb90e3a9a327c527b366f) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: