git.proxmox.com Git - pve-edk2-firmware.git/commit
fix CVE-2023-48733: disable EFI shell in SB mode
author Fabian Grünbichler <f.gruenbichler@proxmox.com>
Thu, 15 Feb 2024 07:56:05 +0000 (08:56 +0100)
committer Fabian Grünbichler <f.gruenbichler@proxmox.com>
Thu, 15 Feb 2024 08:54:41 +0000 (09:54 +0100)
commit 334229c40993f947a48cfe3b9ac047b19bd62acc
tree 571697d9b50f412f413575aa8c8b997d042ff450
parent 0b5cf8de8d9e2d4d0bb4042e1cc52834f90165d2
fix CVE-2023-48733: disable EFI shell in SB mode

since the shell allows circumvention of Secure Boot restrictions, for example
via raw memory access or execution of scripts on the ESP.

see links in the patch for details.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
debian/patches/CVE-2023-48733-Disable-the-Shell-when-SecureBoot-is-enabled.patch [new file with mode: 0644]
debian/patches/series