author | Marta Rybczynska <rybczynska@gmail.com> | 2022-01-26 10:20:44 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-02-16 09:48:51 +0000 |
commit | 9959bee1af84dd068d69fc8b35d329fba075a80e (patch) | |
tree | bcbc741ae0ec3f423b7e5c7a9b2c9b3d4a75f514 /scripts/lib | |
parent | f5fe6f2a64ed32edeab8a0198fe57b45fdccf893 (diff) | |
download | poky-9959bee1af84dd068d69fc8b35d329fba075a80e.tar.gz |
grub: add a fix for CVE-2020-25647

Fix a grub issue with incorrect values from a USB device. From the official
description from NVD [1]:

During USB device initialization, descriptors are read with very little
bounds checking and assumes the USB device is providing sane values.
If properly exploited, an attacker could trigger memory corruption leading
to arbitrary code execution allowing a bypass of the Secure Boot mechanism.

This patch is a part of a bigger security collection for grub [2].

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-25647
[2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a339dee50be98931613e5525ccd2a623bcae7fd1)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib')
0 files changed, 0 insertions, 0 deletions