dmidecode: fix CVE-2023-30630 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2023-07-28 10:01:09 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-08-02 04:47:13 -1000
commit	f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72 (patch)
tree	f3719c3422c6bdbab14556ecdb08438729e58b64 /scripts/lib/devtool/build_image.py
parent	e01d123ba1d23d9f5933cf6c30104eefaf74d375 (diff)
download	poky-f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72.tar.gz

dmidecode: fix CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. References: https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html Backport: fixes fuzz in the CVE-2023-30630_2.patch in kirkstone (From OE-Core rev: 4f83427a0a01e8285c9eb42d2a635d1ff7b23779) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit f92e59a0894145a828dc9ac74bf8c7a9355e0587) Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/build_image.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: