diff options
author | Xiangyu Chen <xiangyu.chen@windriver.com> | 2023-11-12 20:57:44 +0800 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-11-13 06:20:45 -1000 |
commit | 51236150a3740d95e3601499d3918af5a37f8f86 (patch) | |
tree | 35269119de3f66313e6c2557ebf520c96fb059ae /meta/recipes-core/gettext | |
parent | 3c35416a8bff3a857004beadbd053d50eca30ce2 (diff) | |
download | openembedded-core-51236150a3740d95e3601499d3918af5a37f8f86.tar.gz |
grub: Fix for CVE-2023-4692 and CVE-2023-4693
CVE: CVE-2023-4692
Crafted file system images can cause heap-based buffer
overflow and may allow arbitrary code execution and secure boot bypass.
Upstream-Status: Backport
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea]
CVE: CVE-2023-4693
There an out-of-bounds read at fs/ntfs.c, a physically present attacker
may leverage that by presenting a specially crafted NTFS file system
image to read arbitrary memory locations. A successful attack may allow
sensitive data cached in memory or EFI variables values to be leaked
presenting a high Confidentiality risk.
Upstream-Status: Backport
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0ed2458cc4eff6d9a9199527e2a0b6d445802f94]
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit: a8bc6f041599ce8da275c163c87f155a2f09369c)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core/gettext')
0 files changed, 0 insertions, 0 deletions