Home Explore Help
Register Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Browse Source

boot/grub2: ignore CVE-2024-1048

As explained in:

  https://security-tracker.debian.org/tracker/CVE-2024-1048
  https://www.openwall.com/lists/oss-security/2024/02/06/3

CVE-2024-1048 is related to a tool called grub-set-bootflag which only
exists in the Redhat fork of Grub, and which we don't use in
Buildroot, so this CVE should be ignored.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni 11 months ago
parent
3da3361a1b
commit
2495630383
1 changed files with 3 additions and 0 deletions
Split View Show Diff Stats
  1. 3 0
      boot/grub2/grub2.mk

+ 3 - 0
boot/grub2/grub2.mk
View File 

@@ -25,6 +25,9 @@ GRUB2_IGNORE_CVES += CVE-2019-14865
 
 GRUB2_IGNORE_CVES += CVE-2020-15705
 
 # vulnerability is specific to the SUSE distribution
 
 GRUB2_IGNORE_CVES += CVE-2021-46705
 
+# vulnerability is specific to the Redhat distribution, affects the
 
+# grub2-set-bootflag tool, which doesn't exist upstream
 
+GRUB2_IGNORE_CVES += CVE-2024-1048
 
 
 ifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y)
 
 GRUB2_INSTALL_TARGET = YES