From patchwork Wed Aug 16 09:24:21 2023
X-Patchwork-Submitter: Michael Adler
X-Patchwork-Id: 1821739
From: Michael Adler
To: swupdate@googlegroups.com
Cc: Michael Adler
Subject: [swupdate] [PATCH 0/3] Regarding efibootguard CVE-2023-39950
Date: Wed, 16 Aug 2023 11:24:21 +0200
Message-ID: <20230816092424.203252-1-michael.adler@siemens.com>
X-Mailer: git-send-email 2.41.0

Hi all,

A recent CVE [1] has been assigned to efibootguard. Given that SWUpdate
integrates with efibootguard, we investigated its exploitability within
SWUpdate. Our findings indicate that you remain safe as long as you
refrain from using user-defined efibootguard variables - which SWUpdate
doesn't do by default. However, it is possible to write custom Lua code
that reads/writes user-defined variables in which case you **might** be
affected.

It's worth noting that while we didn't find a way to exploit the CVE in
a standard SWUpdate deployment, it's still recommended to update to
efibootguard version 0.15 or newer if you're using both SWUpdate and
efibootguard.

During my analysis, I discovered some minor issues in SWUpdate's
efibootguard integration. These have been addressed in this patch
series.

Kind regards,
  Michael

[1] https://www.cve.org/CVERecord?id=CVE-2023-39950

Michael Adler (3):
  ebg: ensure env_get returns valid strings
  ebg: detailed logging if malloc fails
  ebg: fix integer underflow

 bootloader/ebg.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)