package/micropython: add patch for CVE-2024-8947
This fixes the following vulnerability:
- CVE-2024-8947
A vulnerability was found in MicroPython 1.22.2. It has been declared
as critical. Affected by this vulnerability is an unknown functionality
of the file py/objarray.c. The manipulation leads to use after free.
The attack can be launched remotely. The complexity of an attack is
rather high. The exploitation appears to be difficult. Upgrading to
version 1.23.0 is able to address this issue. It is recommended to
upgrade the affected component. In the MicroPython objarray component, when
a bytes object is resized and copied into itself, it may reference
memory that has already been freed.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2024-8947
- https://github.com/micropython/micropython/commit/4bed614e707c0644c06e117f848fa12605c711cd
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
2 files changed
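
The bug class the commit message describes (a buffer that is resized and then copied from itself) is shown below as an added C example. It is not MicroPython's or Buildroot's code and does not reproduce py/objarray.c or the upstream fix. `buf_t`, `buf_extend_unsafe`, `buf_extend_safe` and `self_extend_demo` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable byte buffer (assumption; not MicroPython's type). */
typedef struct { unsigned char *items; size_t len; } buf_t;

/* Vulnerable pattern, shown for contrast and never called here: src was
 * captured before realloc(). When src points into b->items and realloc()
 * moves the block, memcpy() reads from memory that has been freed. */
int buf_extend_unsafe(buf_t *b, const unsigned char *src, size_t n) {
    unsigned char *p = realloc(b->items, b->len + n);
    if (p == NULL) return -1;
    b->items = p;
    memcpy(b->items + b->len, src, n);  /* src may dangle */
    b->len += n;
    return 0;
}

/* Hardened form: remember an aliasing source as an offset, then rebuild
 * the pointer from the new base once the resize is done. */
int buf_extend_safe(buf_t *b, const unsigned char *src, size_t n) {
    if (n == 0) return 0;
    if (n > SIZE_MAX - b->len) return -1;          /* length overflow */
    uintptr_t base = (uintptr_t)b->items, s = (uintptr_t)src;
    int aliased = b->items != NULL && s >= base && s - base < b->len;
    size_t off = aliased ? (size_t)(s - base) : 0;
    if (aliased && n > b->len - off) return -1;    /* runs past the data */
    unsigned char *p = realloc(b->items, b->len + n);
    if (p == NULL) return -1;                      /* old block still valid */
    b->items = p;
    if (aliased) src = b->items + off;             /* re-derive after move */
    memcpy(b->items + b->len, src, n);             /* regions are disjoint */
    b->len += n;
    return 0;
}

/* Doubles a buffer from itself until realloc() has had to grow it many
 * times; returns 1 when every byte matches the expected repeating pattern. */
int self_extend_demo(void) {
    buf_t b = {NULL, 0};
    if (buf_extend_safe(&b, (const unsigned char *)"abcd", 4) != 0) return 0;
    for (int i = 0; i < 12; i++)                   /* 4 bytes -> 16 KiB */
        if (buf_extend_safe(&b, b.items, b.len) != 0) { free(b.items); return 0; }
    int ok = (b.len == 4u << 12);
    for (size_t i = 0; ok && i < b.len; i++) ok = (b.items[i] == "abcd"[i % 4]);
    free(b.items);
    return ok;
}
```

Building the unsafe variant with AddressSanitizer (`-fsanitize=address`) and extending a buffer from itself is a quick way to confirm whether a given code path has this aliasing problem.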