]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5ef1adc) | patch
ovmf: fix CVE-2024-38797
authorHongxu Jia <hongxu.jia@windriver.com>
Fri, 13 Jun 2025 03:43:17 +0000 (20:43 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 16 Jun 2025 16:56:26 +0000 (17:56 +0100)
commita94550098d821e0055020a7d866648a761efcade
tree7c15f18a5799930d11610237264df6d7ac1a13b2tree
parent5ef1adca618cbf2d3e9ad2e5d504728b91d15e85commit | diff
ovmf: fix CVE-2024-38797

According to [1]:

EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of
bounds when a corrupted data pointer and length are sent via an adjecent network.
A successful exploit of this vulnerability may lead to a loss of Integrity and/or
Availability.

Backport fixes from upstream edk2 [2][3]

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-38797
[2] https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
[3] https://github.com/tianocore/edk2/pull/10928

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
meta/recipes-core/ovmf/ovmf/CVE-2024-38797-1.patch [new file with mode: 0644] blob
meta/recipes-core/ovmf/ovmf/CVE-2024-38797-2.patch [new file with mode: 0644] blob
meta/recipes-core/ovmf/ovmf/CVE-2024-38797-3.patch [new file with mode: 0644] blob
meta/recipes-core/ovmf/ovmf/CVE-2024-38797-4.patch [new file with mode: 0644] blob
meta/recipes-core/ovmf/ovmf_git.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core