From 8ed0272aa3e0afd9467ae05f5362ca1e54003d2f Mon Sep 17 00:00:00 2001 From: Thomas Petazzoni Date: Wed, 21 Aug 2024 15:14:46 +0200 Subject: [PATCH] boot/grub2: ignore CVE-2023-4001 This vulnerability is irrelevant to Buildroot, as it affects only some downstream changes from Redhat. See: https://security-tracker.debian.org/tracker/CVE-2023-4001 https://www.openwall.com/lists/oss-security/2024/01/15/3 Signed-off-by: Thomas Petazzoni (cherry picked from commit e2f46ed03db7f07e62ce44f22dba0db53a5d2fd4) Signed-off-by: Peter Korsgaard --- boot/grub2/grub2.mk | 3 +++ 1 file changed, 3 insertions(+) diff --git a/boot/grub2/grub2.mk b/boot/grub2/grub2.mk index 19544b6e12..1263c63cfd 100644 --- a/boot/grub2/grub2.mk +++ b/boot/grub2/grub2.mk @@ -25,6 +25,9 @@ GRUB2_IGNORE_CVES += CVE-2019-14865 GRUB2_IGNORE_CVES += CVE-2020-15705 # vulnerability is specific to the SUSE distribution GRUB2_IGNORE_CVES += CVE-2021-46705 +# vulnerability is specific to the Redhat distribution, affects a +# downstream change from Redhat related to password authentication +GRUB2_IGNORE_CVES += CVE-2023-4001 # vulnerability is specific to the Redhat distribution, affects the # grub2-set-bootflag tool, which doesn't exist upstream GRUB2_IGNORE_CVES += CVE-2024-1048
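Review bot: the two-line comment added above `GRUB2_IGNORE_CVES += CVE-2023-4001` justifies the ignore only by saying the issue is in a Red Hat downstream password-authentication change, while the references that actually back that claim (the Debian tracker entry and the oss-security post) live only in the commit message; consider carrying at least one of them into the comment, e.g. `# see https://www.openwall.com/lists/oss-security/2024/01/15/3`, so the next maintainer auditing GRUB2_IGNORE_CVES can verify the reasoning from grub2.mk without digging through git log. It is also worth stating in the commit message that none of the patches Buildroot applies on top of upstream grub2 backport that Red Hat password-authentication change, since that is the condition under which the CVE is genuinely irrelevant here. The placement itself is fine: the new entry keeps the existing ascending CVE order between CVE-2021-46705 and CVE-2024-1048 and follows the same comment style as the surrounding Red Hat/SUSE-specific entries.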