mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-08 18:02:12 +01:00

Commit Graph

Author	SHA1	Message	Date
Adrian Freihofer	3d4850b3ea	dmidecode: fixup for CVE-2023-30630 The previous CVE-2023-30630_1.patch picked only the patch "dmidecode: Write the whole dump file at once" d8cfbc808f. But there was a refactoring which does not allow to cherry-pick it fast forward. Resolving this conflict was not correctly done. The patch was: + u32 len; + u8 *table; ... - if (!(opt.flags & FLAG_QUIET)) - pr_comment("Writing %d bytes to %s.", crafted[0x05], - opt.dumpfile); - write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1); + dmi_table_dump(crafted, crafted[0x05], table, len); It looks like the variables len and table have been added without initialization. Now this problem is solved by applying the previous refactoring as well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are rebased without changes. (From OE-Core rev: ea069a94a213cc153528aebfc387f30215566cc7) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-08-19 05:56:58 -10:00
Yogita Urade	f4c5d9a3a6	dmidecode: fix CVE-2023-30630 Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. References: https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html Backport: fixes fuzz in the CVE-2023-30630_2.patch in kirkstone (From OE-Core rev: 4f83427a0a01e8285c9eb42d2a635d1ff7b23779) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit f92e59a0894145a828dc9ac74bf8c7a9355e0587) Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-08-02 04:47:13 -10:00

Author

SHA1

Message

Date

Adrian Freihofer

3d4850b3ea

dmidecode: fixup for CVE-2023-30630

The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:

+    u32 len;
+    u8 *table;
...
-    if (!(opt.flags & FLAG_QUIET))
-        pr_comment("Writing %d bytes to %s.", crafted[0x05],
-                   opt.dumpfile);
-    write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+    dmi_table_dump(crafted, crafted[0x05], table, len);

It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.

(From OE-Core rev: ea069a94a213cc153528aebfc387f30215566cc7)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-08-19 05:56:58 -10:00

Yogita Urade

f4c5d9a3a6

dmidecode: fix CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file.
This has security relevance because, for example, execution of
Dmidecode via Sudo is plausible.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-30630
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html

Backport: fixes fuzz in the CVE-2023-30630_2.patch in kirkstone

(From OE-Core rev: 4f83427a0a01e8285c9eb42d2a635d1ff7b23779)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit f92e59a0894145a828dc9ac74bf8c7a9355e0587)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-08-02 04:47:13 -10:00

2 Commits