ovmf: Fix CVE-2023-45235 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-06-28 09:35:16 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-12-09 07:54:03 -0800
commit	5133058e11e93b24113517cf39d6c1e7430b597e (patch)
tree	aaccefea1889e17013867d630dae1d894492e0c1 /scripts/lib/scriptutils.py
parent	23e7248bd1d5e643f7c88a1f1d8502ff534c6021 (diff)
download	poky-5133058e11e93b24113517cf39d6c1e7430b597e.tar.gz

ovmf: Fix CVE-2023-45235

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. References: https://nvd.nist.gov/vuln/detail/CVE-2023-45235 Upstream-patches: https://github.com/tianocore/edk2/commit/fac297724e6cc343430cd0104e55cd7a96d1151e https://github.com/tianocore/edk2/commit/ff2986358f75d8f58ef08a66fe673539c9c48f41 (From OE-Core rev: dd26902517c30f34cc661cf9f79fc589d0358412) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: