fix CVE-2023-40546
This commit is contained in:
jinlun
parent
9949d52593
commit
45c5364002
39
backport-CVE-2023-40546.patch
Normal file
39
backport-CVE-2023-40546.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 66e6579dbf921152f647a0c16da1d3b2f40861ca Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 7 Jun 2023 13:15:49 -0400
|
||||
Subject: [PATCH] CVE-2023-40546 mok: fix LogError() invocation
|
||||
|
||||
On some ARM platform, jlinton noticed that when we fail to set a
|
||||
variable (because it isn't supported at all, presumably), our error
|
||||
message has an extra argument that doesn't match the format string.
|
||||
|
||||
This patch removes the extra argument.
|
||||
|
||||
Resolves: CVE-2023-40546
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
mok.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/mok.c b/mok.c
|
||||
index be1eaa15..0ac34158 100644
|
||||
--- a/mok.c
|
||||
+++ b/mok.c
|
||||
@@ -291,7 +291,7 @@ mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs,
|
||||
&var, &varsz);
|
||||
if (EFI_ERROR(efi_status) || !var || !varsz) {
|
||||
LogError(L"Couldn't allocate %lu bytes for mok variable \"%s\": %r\n",
|
||||
- varsz, var, efi_status);
|
||||
+ varsz, name, efi_status);
|
||||
return efi_status;
|
||||
}
|
||||
|
||||
@@ -302,7 +302,7 @@ mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs,
|
||||
FreePool(var);
|
||||
if (EFI_ERROR(efi_status)) {
|
||||
LogError(L"Couldn't create mok variable \"%s\": %r\n",
|
||||
- varsz, var, efi_status);
|
||||
+ name, efi_status);
|
||||
return efi_status;
|
||||
}
|
||||
|
||||
@ -25,7 +25,7 @@
|
||||
|
||||
Name: shim
|
||||
Version: 15.6
|
||||
Release: 12
|
||||
Release: 13
|
||||
Summary: First-stage UEFI bootloader
|
||||
ExclusiveArch: x86_64 aarch64
|
||||
License: BSD
|
||||
@ -56,6 +56,7 @@ Patch19:backport-make-update-EVP_F_EVP_DECRYPTDECRYPTUPDATE.patch
|
||||
Patch20:backport-CVE-2021-23840.patch
|
||||
Patch21:backport-CVE-2023-0464.patch
|
||||
Patch22:backport-CVE-2023-3817.patch
|
||||
Patch23:backport-CVE-2023-40546.patch
|
||||
|
||||
# Feature for shim SMx support
|
||||
Patch9000:Feature-shim-openssl-add-ec-support.patch
|
||||
@ -177,6 +178,9 @@ make test
|
||||
/usr/src/debug/%{name}-%{version}-%{release}/*
|
||||
|
||||
%changelog
|
||||
* Tue Nov 7 2023 jinlun <jinlun@huawei.com> - 15.6-13
|
||||
- fix CVE-2023-40546
|
||||
|
||||
* Sat Oct 28 2023 luhuaxin <luhuaxin1@huawei.com> - 15.6-12
|
||||
- fix CVE-2023-0464 CVE-2023-3817
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user