From patchwork Wed Jan 15 07:24:22 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peng Zhang <peng.zhang1.cn@windriver.com>
X-Patchwork-Id: 55543
Return-Path: <peng.zhang1.cn@windriver.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 13576C02188
	for <webhook@archiver.kernel.org>; Wed, 15 Jan 2025 07:24:47 +0000 (UTC)
Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com
 [205.220.166.238])
 by mx.groups.io with SMTP id smtpd.web10.15805.1736925884598618262
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Jan 2025 23:24:44 -0800
Authentication-Results: mx.groups.io;
 dkim=none (message not signed);
 spf=permerror,
 err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}:
 invalid domain name (domain: windriver.com, ip: 205.220.166.238,
 mailfrom: prvs=3110a90dd8=peng.zhang1.cn@windriver.com)
Received: from pps.filterd (m0250809.ppops.net [127.0.0.1])
	by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
 50F5fnol004599
	for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Jan 2025 23:24:44 -0800
Received: from nam12-bn8-obe.outbound.protection.outlook.com
 (mail-bn8nam12lp2170.outbound.protection.outlook.com [104.47.55.170])
	by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 443s1pkjj0-2
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Jan 2025 23:24:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=OtntbYQsKLQc1uJc7UHQjMK+LxkDj4y+wlZv4QeTXQP/T3QC01Se+oduuioAkQE5pqhmGxnkSqLGyXgYJ5DXDFCM2fbR2wdflVru8imnXL6vYLH8wo7Ly7R3t0EO/JwC1WffD23B6+0kfze5JvUkNQcopS3BPfwnEYOVD9W9dMkOX8kq7JGr1b2f7dJ+v5kLyhKANWlLj+9cBVHV/fCxoyCMMqneE/DI+fmG1NSlOXJwC5Lgpf8IFZH6DaQzlcFWzoe+Ud7PwI68X1OpNIIUSJD4MgeMoxlEYYQRELOCObb0tcRAQAmpY7ge8UF1JAPcuVg4DyDcMhg5JC96ysbMqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=oM8OHWu86jTeeQ4Dk0iRGMMNDeEaU2oeJiXFPJfRKKY=;
 b=LGR3Mth2obmUQ+5JPDf++ae+GYg49aufJ3NQAo4kk1ZUwBHbIDtQsA1V+A0Wtv54+379eIJ1EnFxGkQlxesUIIYM56mYucKN7nnWF+qsJdxmzZpk1qQ3u+wHAuMGJchnNBZWOMM7xffEidN64B34XffAb5ElLGcu+0ZK/o+pFIdwuwb0csNcRKat3x6C+slFcub7d4M42tifjurUGFbCtA9vj4lgFVDS57j8yaHIPJEgGnT9ynD3zunuoSWU6wPHH1KJjdvG888ZgMXfK2od/Jf4hABXRkADViFBvfn8gAaJZtMdidLk6GDjl4g5k+Y2PkQ5HmAmq8IUAxhc7/eqdQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=windriver.com; dmarc=pass action=none
 header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none
Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13)
 by SA3PR11MB8046.namprd11.prod.outlook.com (2603:10b6:806:2fb::22) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.18; Wed, 15 Jan
 2025 07:24:41 +0000
Received: from CH3PR11MB8562.namprd11.prod.outlook.com
 ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com
 ([fe80::24c6:f8fc:1afe:179f%7]) with mapi id 15.20.8356.010; Wed, 15 Jan 2025
 07:24:41 +0000
From: peng.zhang1.cn@windriver.com
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][kirkstone][PATCH 2/8] opensc: fix CVE-2024-8443
Date: Wed, 15 Jan 2025 15:24:22 +0800
Message-Id: <20250115072428.3667416-2-peng.zhang1.cn@windriver.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250115072428.3667416-1-peng.zhang1.cn@windriver.com>
References: <20250115072428.3667416-1-peng.zhang1.cn@windriver.com>
X-ClientProxiedBy: SG2PR02CA0112.apcprd02.prod.outlook.com
 (2603:1096:4:92::28) To CH3PR11MB8562.namprd11.prod.outlook.com
 (2603:10b6:610:1b8::13)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_|SA3PR11MB8046:EE_
X-MS-Office365-Filtering-Correlation-Id: 81a88c42-9150-446a-b052-08dd3535acee
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|52116014|366016|1800799024|376014|38350700014;
X-Microsoft-Antispam-Message-Info: =?utf-8?q?sQk2EJeYUU61vX+EOMxuGSaybYMWKEK?=
	=?utf-8?q?gUJ73L2qSlOfsqodUoH1iZTZWAlCAZ+3v2tyrDbtTVZAu6ULBhI5IZ+xT/Gg2Mlbx?=
	=?utf-8?q?z4vFHzxanPHbz/O0h4gTcSGG0truquyYLju3203ARQXa3XZAzfdwSriiQvemo7Xuq?=
	=?utf-8?q?vpdcN8S/ZvqofK9ybuZsuyvE2lf6vKjEr2k/wleVpONobkV40gI0GAQUYla5+2YcE?=
	=?utf-8?q?LrTuQOqk9cXQNCaj8GCkbDZCvnJRFwm65mqXDvMyzvpED9cWUJiU7X4IAUHgNEzyQ?=
	=?utf-8?q?Tf9xArUc0Su/nbuMI6A6TODiYIt1Irg0wR2U7iqgsIQJbqcLvRjCVQoek3HQQWZof?=
	=?utf-8?q?2jjUoUvHH/Et+IKtk9o/i37PGyb2aFFrNHp+3+9IoXwtNmtuY0eB25kkLtbavaRvm?=
	=?utf-8?q?iUllyHJy7mWrPo9k32jB2RwaN0NIIYq5exclmgJzuSaj1YQRYKG9fCtRlDJZ8Lvw3?=
	=?utf-8?q?ijZdi/NJq0ogT+ASm+4lDbKqazKqJ7teKoS1BqYQbonrOqPC8clcEnVb2zGvAb0Kd?=
	=?utf-8?q?Jrj45uN7U7aJCXSQ1M3vMbROqEKKCYTC/6EnnrWoCGDYGozOop7e0PW9lOdT0dAKp?=
	=?utf-8?q?nMZ4nkLrpqboSEFwnLhS65F2Hlz1TqM50ID7t+rRnSmgtMnlxHghWLHR7YX5o5m7t?=
	=?utf-8?q?P+BZFEJGxJK/WvsaoNQi9cG2O9K0T8qUeo+erXlNHtZs4gd8uOjrzmhpVx5rXcyq8?=
	=?utf-8?q?0ClT4yXTcnZgBSDcS5+turZ9FQbQLFslsC5D9fwoAwjk7etrtcwKUuHNuAklbs1GO?=
	=?utf-8?q?MzysABkrYpcF/vrgk7ZVTr8jhoMtGTbt8SiGiLNX+hEXU9g1OxAhQ3DTGhVVIhjfg?=
	=?utf-8?q?zXqDRMixxx/nWBiuajoswmMtOmDI/kyf/Bf8e2JrPRpNerVXkZCG3zknZJaXg5hNN?=
	=?utf-8?q?YfJFfFda9ZsLDPo2pVexWOIs4JiyVfG8EpPiaS3xiTory0XnxIrLHkJstaVJYvAzU?=
	=?utf-8?q?It0Ny4fHxuoUwy6SruAw6pq/O/+v5enKWRylYo8XmlVmQy3Cn7fWqOslwN9jGzblm?=
	=?utf-8?q?zJ5733RdOUjmecxW1wMVMPYUxJQgjgUweRaSxDk9tQLS/RIMAuGkszJuAuQraX1ly?=
	=?utf-8?q?aBW3PBv8AgCTuj1iGopMIePMBCA9hUFY1O5XiWi2x3A2OvsCe+ApirbTEFwgfOpPD?=
	=?utf-8?q?WLyW5GkXIyYKHUyYbRNPWHIveETWBAbT4gGpCA5MLfrmmDIyadza30gKb57ZO9X5K?=
	=?utf-8?q?xZqpX2E+4otguNBrKDUrTmsQJKOh8vjnZAaKsAFJfCECCzFt4/PkQte096enK6vkB?=
	=?utf-8?q?cc56ey5ZDK39eor52bU8iwnUtjlUVCB4qY9pJRxTkk8kOLXRlqHzxpxVc4meJnxxX?=
	=?utf-8?q?ivLoZI2H8vSxyJxRyDu7pDwHhxsG5ATCLQ=3D=3D?=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(366016)(1800799024)(376014)(38350700014);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?3IlpMoCmfdVwXXL9o2ulR/G3j4eX?=
	=?utf-8?q?G/6LsHB5L/hKsD0Tp5APdR9SU8JfZj1/qLYgrVu1FAQRKQb1ebIj5lIBvz/ztGWox?=
	=?utf-8?q?G52SPESGs7aErike12BuskrH3DIiHDAnBGHCCwSJFf/fy/6tHlxLRgA1UfRIC/jkf?=
	=?utf-8?q?LW4CD50M/aFRYowsQCCS/GPLL/R7BqpXr1IEV+AmWIEuxTyvUmhVXRQcY+fwAr46X?=
	=?utf-8?q?rxx7GnKHUr5QU+cqLZx9tqDr8G/BH70jG+i5/Md69LQx001p4R99UYBqxTnIbNXvf?=
	=?utf-8?q?lXkkMAPL2qUjMw22mZMJYLKXELFPlVqQs8aoSBPEWClKO1GzPD2qL93+gq1oNkGK1?=
	=?utf-8?q?dcHMAMkgQ1UqQgrGieobAnX5JA45A9V3aRhueT9IYYQsLvZihYlGMQNXaYySPSwiT?=
	=?utf-8?q?VcsekSx2s4G4+dNjikf5vxis0/C/16qiovFYUYur1ikkv6H6MpiB+ylG5WwlqBxJQ?=
	=?utf-8?q?Mf2Xv5pK7dyJcQlhAD5Q9NChGlWEd/spVjv+JmodKclEFYk6kKqU9JGhtTksyJviJ?=
	=?utf-8?q?57B1RWVHOt9MMnoBeUo/9abb8KL7gcwWj7+TaSCrzjp48FSLItcNjmbsT9c+n31GM?=
	=?utf-8?q?lawPSrNmnukR+oa/B3su/HTrPPyig59Rhj6+Rujd3b1vE2u2As3Reb2OmelP8zQT/?=
	=?utf-8?q?aDSOVLLx/hp+OidkxIOU4UU9lFunJT1s779ZZsEPvb1StO0Sm1s70l/SsrBwx9XaT?=
	=?utf-8?q?AKvjCkg1/BqO6Kh9/OPsN79SYyo8nZIq88e2eSXT/Eg1jv2ft4Fdaig/kDDoOTywu?=
	=?utf-8?q?8c4b6Le49Gp1mNWD1U9BqSNaQxJzduK0cJa1D3bVCtlAneGYUEcZgWGnZb4Zniieg?=
	=?utf-8?q?dULc3iVSKdLyjRSwvi5vZdOz6jLMCkoWLW4wyTyTBYsIgOG0znXVWbNjtNEjOFoZX?=
	=?utf-8?q?6o0BzI5S0gwaRyzPcefnRcGYBTNFOzWrDMSzMN3udYBaUM2hmfsHVk6BwoxWAySET?=
	=?utf-8?q?3zs0l7dgQnEBwe4U/GMUalLKCFkb/xwHJP+p2bve3RIaherBZnbgNwO+ooaEALA6U?=
	=?utf-8?q?BOwtAYuVGMdmMlfopldfzksDXx4f3zk/4x00I0inEX/FVlMMdTk7I01bT8LgYssWm?=
	=?utf-8?q?Qj1Vn5YtqyQfMnROye4RLzDbzRXW9suhHftmrduG6C69qAylLI2ri+Jqzcd25TPkU?=
	=?utf-8?q?0BxhmXFFwiOCUzIlzO/Ft9YKb30DDbqPCw4iw1X7mrnjD9auCbzdTSyNzfGyiSYJL?=
	=?utf-8?q?Pn2nyNN3xPJ0BYjVoPzrVMZBLoNwGoJLRl3TMjeqxAEl0VdNoK1A7+LfRVA778EMc?=
	=?utf-8?q?uPihxwGsD4RZjSXUC8q+mKniUmQCqY7+ZvMkO9C7fzrNgRHd7MrsA2gklAuvjXYjX?=
	=?utf-8?q?D8D5z/QOPVCvaN1g+tZk8VciHeqf26Cw9BWvninh0hMiRdxcTIzkpzLDZRFYaBQNK?=
	=?utf-8?q?/hJXnU2PpED5GZe8s8sXOmWEe5w05cKZSStnuZSk0d53zveaFv0z8+o8yNeu2zwQ1?=
	=?utf-8?q?jTeYt7LObQhd+94S+SpzptTvPh1uVIu0lbEthVbOVsFq1q7lyH+rL0pOSCt2/xH10?=
	=?utf-8?q?7t9v4FsJoK/yVEXnIQ1N8hM5hFxLJvMgrQ=3D=3D?=
X-OriginatorOrg: windriver.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 81a88c42-9150-446a-b052-08dd3535acee
X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jan 2025 07:24:40.8885
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 l7D6V0JPppK4SSlHtwZm18fakqU3FIsr1ZNLyjTpRS5bsseYHHTtEapw9bdloz6c0aeWlEZYojCQ62qoXW7+IVgBEUeL7yXuiFJ/gjFAMzU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR11MB8046
X-Authority-Analysis: v=2.4 cv=DdLtqutW c=1 sm=1 tr=0 ts=678762bc cx=c_pps
 a=2bhcDDF4uZIgm5IDeBgkqw==:117 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19
 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=IkcTkHD0fZMA:10
 a=VdSt8ZQiCzkA:10 a=bRTqI5nwn0kA:10
 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=cm27Pg_UAAAA:8 a=t7CeM3EgAAAA:8
 a=20KFwNOVAAAA:8 a=7p7RPr-GalsxoHJJx9wA:9 a=3ZKOabzyN94A:10 a=QEXdDO2ut3YA:10
 a=FdTzh2GWekK77mhwV6Dw:22
X-Proofpoint-GUID: m8ey9Zyh9nFzWaveGrrd5iTrpJioPpbX
X-Proofpoint-ORIG-GUID: m8ey9Zyh9nFzWaveGrrd5iTrpJioPpbX
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34
 definitions=2025-01-15_02,2025-01-15_02,2024-11-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 suspectscore=0 adultscore=0
 mlxlogscore=999 lowpriorityscore=0 mlxscore=0 priorityscore=1501
 phishscore=0 malwarescore=0 bulkscore=0 spamscore=0 clxscore=1015
 impostorscore=0 classifier=spam authscore=0 adjust=0 reason=mlx
 scancount=1 engine=8.21.0-2411120000 definitions=main-2501150054
X-MIME-Autoconverted: from 8bit to quoted-printable by
 mx0a-0064b401.pphosted.com id 50F5fnol004599
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Wed, 15 Jan 2025 07:24:47 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114886

From: Zhang Peng <peng.zhang1.cn@windriver.com>

CVE-2024-8443:
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable
to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all
versions up to, and including, 1.1.0 due to insufficient input sanitization and output
escaping. This makes it possible for authenticated attackers, with subscriber-level
access and above, to inject arbitrary web scripts in pages that will execute whenever
a user accesses an injected page. Please note that this was partially fixed in 1.1.0
due to the missing authorization protection that was added.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-8433]

Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e]
[https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
---
 .../opensc/files/CVE-2024-8443-0001.patch     | 60 +++++++++++++++++++
 .../opensc/files/CVE-2024-8443-0002.patch     | 55 +++++++++++++++++
 .../recipes-support/opensc/opensc_0.22.0.bb   |  2 +
 3 files changed, 117 insertions(+)
 create mode 100644 meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
 create mode 100644 meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch

diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
new file mode 100644
index 000000000..7d80aba76
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
@@ -0,0 +1,60 @@
+From b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 12 Aug 2024 19:02:14 +0200
+Subject: [PATCH] openpgp: Do not accept non-matching key responses
+
+When generating RSA key pair using PKCS#15 init, the driver could accept
+responses relevant to ECC keys, which made further processing in the
+pkcs15-init failing/accessing invalid parts of structures.
+
+Thanks oss-fuzz!
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71010
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+CVE: CVE-2024-8443
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/card-openpgp.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
+index fad32f0ce..f99ec0db9 100644
+--- a/src/libopensc/card-openpgp.c
++++ b/src/libopensc/card-openpgp.c
+@@ -2877,6 +2877,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
+ 
+ 		/* RSA modulus */
+ 		if (tag == 0x0081) {
++			if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) {
++				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
++			}
+ 			if ((BYTES4BITS(key_info->u.rsa.modulus_len) < len)  /* modulus_len is in bits */
+ 				|| key_info->u.rsa.modulus == NULL) {
+ 
+@@ -2892,6 +2895,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
+ 		}
+ 		/* RSA public exponent */
+ 		else if (tag == 0x0082) {
++			if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) {
++				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
++			}
+ 			if ((BYTES4BITS(key_info->u.rsa.exponent_len) < len)  /* exponent_len is in bits */
+ 				|| key_info->u.rsa.exponent == NULL) {
+ 
+@@ -2907,6 +2913,10 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
+ 		}
+ 		/* ECC public key */
+ 		else if (tag == 0x0086) {
++			if (key_info->algorithm != SC_OPENPGP_KEYALGO_ECDSA &&
++					key_info->algorithm != SC_OPENPGP_KEYALGO_ECDH) {
++				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
++			}
+ 			/* set the output data */
+ 			/* len is ecpoint length + format byte
+ 			 * see section 7.2.14 of 3.3.1 specs */
+--
+2.34.1
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch
new file mode 100644
index 000000000..30a7e63a7
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch
@@ -0,0 +1,55 @@
+From 02e847458369c08421fd2d5e9a16a5f272c2de9e Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 15 Aug 2024 11:13:47 +0200
+Subject: [PATCH] openpgp: Avoid buffer overflow when writing fingerprint
+
+Fix also surrounding code to return error (not just log it)
+when some step fails.
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70933
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+CVE: CVE-2024-8443
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/libopensc/card-openpgp.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
+index f99ec0db9..3957440de 100644
+--- a/src/libopensc/card-openpgp.c
++++ b/src/libopensc/card-openpgp.c
+@@ -2756,14 +2756,21 @@ pgp_calculate_and_store_fingerprint(sc_card_t *card, time_t ctime,
+ 	/* update the blob containing fingerprints (00C5) */
+ 	sc_log(card->ctx, "Updating fingerprint blob 00C5.");
+ 	fpseq_blob = pgp_find_blob(card, 0x00C5);
+-	if (fpseq_blob == NULL)
+-		LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot find blob 00C5");
++	if (fpseq_blob == NULL) {
++		r = SC_ERROR_OUT_OF_MEMORY;
++		LOG_TEST_GOTO_ERR(card->ctx, r, "Cannot find blob 00C5");
++	}
++	if (20 * key_info->key_id > fpseq_blob->len) {
++		r = SC_ERROR_OBJECT_NOT_VALID;
++		LOG_TEST_GOTO_ERR(card->ctx, r, "The 00C5 blob is not large enough");
++	}
+ 
+ 	/* save the fingerprints sequence */
+ 	newdata = malloc(fpseq_blob->len);
+-	if (newdata == NULL)
+-		LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY,
+-			"Not enough memory to update fingerprint blob 00C5");
++	if (newdata == NULL) {
++		r = SC_ERROR_OUT_OF_MEMORY;
++		LOG_TEST_GOTO_ERR(card->ctx, r, "Not enough memory to update fingerprint blob 00C5");
++	}
+ 
+ 	memcpy(newdata, fpseq_blob->data, fpseq_blob->len);
+ 	/* move p to the portion holding the fingerprint of the current key */
+--
+2.34.1
diff --git a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
index 834b83d68..822e0ab97 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
@@ -24,6 +24,8 @@ SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
            file://CVE-2023-40661-6.patch \
            file://CVE-2023-40661-7.patch \
            file://CVE-2024-1454.patch \
+           file://CVE-2024-8443-0001.patch \
+           file://CVE-2024-8443-0002.patch \
           "
 
 # CVE-2021-34193 is a duplicate CVE covering the 5 individual