doc: vulnerabilities: Add information about CVE-2023-4265

Add information about CVE-2023-4265 Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-08-12 15:10:22 -07:00 · 2023-08-12 15:10:22 -07:00 · 3c1394c17a
parent 732b03ced6
commit 3c1394c17a
1 changed files with 15 additions and 0 deletions
--- a/doc/security/vulnerabilities.rst
+++ b/doc/security/vulnerabilities.rst
@ -1338,3 +1338,18 @@ This has been fixed in main for v3.4.0

 - `PR 56709 fix for main
  <https://github.com/zephyrproject-rtos/zephyr/pull/56709>`_
+
+CVE-2023-4265
+-------------
+
+Two potential buffer overflow vulnerabilities in Zephyr USB code
+
+- `Zephyr project bug tracker GHSA-4vgv-5r6q-r6xh
+  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh>`_
+
+This has been fixed in main for v3.4.0
+
+- `PR 59157 fix for main
+  <https://github.com/zephyrproject-rtos/zephyr/pull/59157>`_
+- `PR 59018 fix for main
+  <https://github.com/zephyrproject-rtos/zephyr/pull/59018>`_