New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide patches for new networking vulnerabilities in EDK2 #180

Merged

danielfullmer merged 1 commit into anduril:master from jmbaur:edk2-networking-vulns

Jan 18, 2024

Contributor

jmbaur commented Jan 17, 2024 •

edited

Loading

Description of changes

See CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 and CVE-2022-36764.

Rundown on CVEs:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

Patches found from https://bugzilla.tianocore.org/show_bug.cgi?id=4518 and https://bugzilla.tianocore.org/show_bug.cgi?id=4118.

Testing

Tested netbooting on:

orin-agx-devkit
orin-nano-devkit
xavier-agx-devkit
xavier-nx-devkit

jmbaur marked this pull request as ready for review

January 17, 2024 19:09


          Provide patches for new networking vulnerabilities in EDK2

914e0d4

See CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232,
CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 and CVE-2022-36764.

Rundown on CVEs:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

Patches found from https://bugzilla.tianocore.org/show_bug.cgi?id=4518
and https://bugzilla.tianocore.org/show_bug.cgi?id=4118.

jmbaur force-pushed the edk2-networking-vulns branch from 4eef351 to 914e0d4 Compare

January 18, 2024 00:43

danielfullmer merged commit 23645d7 into anduril:master

1 check passed

jmbaur deleted the edk2-networking-vulns branch

January 23, 2024 04:24

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet