mirror of
https://git.yoctoproject.org/poky
synced 2026-04-30 12:32:12 +02:00
c169e5d26a
According to [1]: EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability. Backport fixes from upstream edk2 [2][3] [1] https://nvd.nist.gov/vuln/detail/CVE-2024-38797 [2] https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf [3] https://github.com/tianocore/edk2/pull/10928 (From OE-Core rev: a94550098d821e0055020a7d866648a761efcade) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>