[Buildroot] [PATCH v2] package/openvmtools: fix local privilege escalation vulnerability
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sun Oct 30 21:24:32 UTC 2022
Hello Stefan,
On Wed, 19 Oct 2022 10:56:16 +0200
Stefan Agner <stefan at agner.ch> wrote:
> Add a patch for CVE-2022-31676 (local privilege escalation
> vulnerability).
>
> Signed-off-by: Stefan Agner <stefan at agner.ch>
> ---
> v2: Actually make the patch apply
I've applied to master, but after:
(1) Adding a reference to the upstream location where the patch was
provided
(2) Adding a OPENVMTOOLS_IGNORE_CVES entry in the .mk file to ignore
the CVE now that it is fixed.
According to our CVE tracking infrastructure, there are 3 other CVEs
affecting openvmtools: CVE-2014-4199, CVE-2014-4200, CVE-2022-22943. Do
you think you could have a look?
Thanks a lot!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list