On 26/5/26 15:59, Gerd Hoffmann wrote:
Make sure we actually have two input characters available before going to parse two hex digits. Fixes one byte buffer overflow of the output buffer in case the input string has an odd number of characters.

Fixes: CVE-2026-48915
Fixes: 12058948abdf ("hw/uefi: add var-service-json.c + qapi for NV vars.")
Reported-by: Feifan Qian <[email protected]>
Signed-off-by: Gerd Hoffmann <[email protected]>
---
 hw/uefi/var-service-json.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
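
The check the commit message describes, as an added C example that is not the QEMU code and not part of this thread. `hex_nibble`, `hex_decode`, the buffer sizes and the sample input are hypothetical names and constructed values; the caller sizes the output as `strlen(in) / 2`, which is where an odd-length input costs one byte if the pair check is missing.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns 0..15 for a hex digit, -1 for anything else. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Hypothetical decoder: hex string `in` -> bytes in `out` (capacity `cap`).
 * Returns the number of bytes written, or -1 on malformed input or if
 * `out` is too small. Nothing is written past out[cap - 1].
 */
static long hex_decode(const char *in, uint8_t *out, size_t cap)
{
    size_t len = strlen(in);
    size_t n = 0;

    for (size_t i = 0; i < len; i += 2) {
        /* Two input characters must be available for one output byte.
         * Without this, a trailing odd character would be parsed as a
         * pair and produce a byte beyond a len/2-sized buffer. */
        if (len - i < 2) return -1;
        if (n >= cap) return -1;          /* independent output bound */
        int hi = hex_nibble(in[i]);
        int lo = hex_nibble(in[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[n++] = (uint8_t)((hi << 4) | lo);
    }
    return (long)n;
}

/* Constructed case: 5 hex chars, buffer of 5/2 = 2 bytes plus a canary. */
static int odd_input_leaves_canary(void)
{
    const char *in = "a1b2c";
    uint8_t buf[3] = { 0, 0, 0xEE };      /* buf[2] is the canary */
    long r = hex_decode(in, buf, strlen(in) / 2);
    return r == -1 && buf[0] == 0xa1 && buf[1] == 0xb2 && buf[2] == 0xEE;
}

int main(void) { return odd_input_leaves_canary() ? 0 : 1; }
```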
