mirror of
https://git.yoctoproject.org/poky
synced 2026-04-20 00:32:13 +02:00
9959bee1af
Fix a grub issue with incorrect values from an usb device. From the official description from NVD [1]: During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. This patch is a part of a bigger security collection for grub [2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-25647 [2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: a339dee50be98931613e5525ccd2a623bcae7fd1) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>