Package: qemu-efi-aarch64
Version: 0~20181115.85588389-2
Severity: important

Buggy EFI apps[1] can corrupt the firmware flash volume by dereferencing
NULL pointers because we map the NOR flash at 0x0. Upstream has merged
patches to make these inadvertent accesses fault instead.

[1] For examples, see:
    https://bugs.launchpad.net/bugs/1811722
    https://bugs.launchpad.net/bugs/1811901
[2] 51bb05c795 ArmVirtPkg/QemuVirtMemInfoLib: trim the MMIO region mapping
    5e27deed43 ArmVirtPkg/NorFlashQemuLib: disregard our primary FV
    aa1097921d ArmPkg/ArmMmuLib ARM: handle unmapped sections when updating permissions
    36a87fec68 ArmPkg/ArmMmuLib ARM: handle unmapped section in GetMemoryRegion()

Ubuntu version of this bug:
    https://bugs.launchpad.net/bugs/1812093

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.20.0-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information