git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
grub: fix CVE-2023-4692
author: Yogita Urade <yogita.urade@windriver.com>
Fri, 17 Nov 2023 11:13:49 +0000 (11:13 +0000)
committer: Steve Sakoman <steve@sakoman.com>
Fri, 17 Nov 2023 16:53:31 +0000 (06:53 -1000)
commit: c89835b37366dde6c74f8221fd5a295ecabf8225
tree: f03724937b6b272d1fb1ea42bb8535fa4164bace
parent: dcdcd9dcab750927701deb78b798c8fedeec67e0
grub: fix CVE-2023-4692

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver.
This issue may allow an attacker to present a specially crafted NTFS
filesystem image, leading to grub's heap metadata corruption. In some
circumstances, the attack may also corrupt the UEFI firmware heap metadata.
As a result, arbitrary code execution and secure boot protection bypass
may be achieved.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4692
https://bugzilla.redhat.com/show_bug.cgi?id=2236613

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-bsp/grub/files/CVE-2023-4692.patch [new file with mode: 0644]
meta/recipes-bsp/grub/grub2.inc