Overview

File _patchinfo of Package patchinfo.28617

<patchinfo incident="28617">
  <issue tracker="cve" id="2019-14560"/>
  <issue tracker="cve" id="2021-38578"/>
  <issue tracker="bnc" id="1174246">VUL-0: CVE-2019-14560: ovmf: improper check of GetEfiGlobalVariable2() return can potentially lead to to secure boot bypass</issue>
  <issue tracker="bnc" id="1196741">VUL-0: CVE-2021-38578: ovmf: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.</issue>
  <packager>joeyli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ovmf</summary>
  <description>This update for ovmf fixes the following issues:

- CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246). 
- CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places