mirror of
https://git.yoctoproject.org/poky
synced 2026-07-09 13:37:24 +00:00
e3072d229a
According to [1], Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code. Backport a patch [2] from upstream to fix CVE-2025-24857 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-24857 [2] https://source.denx.de/u-boot/u-boot/-/commit/87d85139a96a39429120cca838e739408ef971a2 (From OE-Core rev: 6f69c878896b536f5f7b16c566d420e188c82c7f) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>