mirror of
https://gitlab.com/qemu-project/edk2.git
synced 2025-10-30 07:56:39 +08:00
d79d8d6a8d
This commit updates the SecurityFixes.yaml file to include information about the CVE-2024-38797 vulnerability. Signed-off-by: Doug Flick <DougFlick@microsoft.com>
58 lines
2.6 KiB
YAML
58 lines
2.6 KiB
YAML
## @file
|
|
# Security Fixes for SecurityPkg
|
|
#
|
|
# Copyright (c) Microsoft Corporation
|
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
##
|
|
CVE_2022_36763:
|
|
commit_titles:
|
|
- "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
|
|
- "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
|
|
- "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
|
|
- "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
|
|
- "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
|
|
- "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename"
|
|
cve: CVE-2022-36763
|
|
date_reported: 2022-10-25 11:31 UTC
|
|
description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
|
|
note: This patch is related to and supersedes TCBZ2168
|
|
files_impacted:
|
|
- Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
|
|
- Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4117
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=2168
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=1990
|
|
CVE_2022_36764:
|
|
commit_titles:
|
|
- "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
|
|
- "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
|
|
- "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml"
|
|
- "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
|
|
- "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
|
|
- "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename"
|
|
cve: CVE-2022-36764
|
|
date_reported: 2022-10-25 12:23 UTC
|
|
description: Heap Buffer Overflow in Tcg2MeasurePeImage()
|
|
note:
|
|
files_impacted:
|
|
- Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
|
|
- Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4118
|
|
CVE_2024_38797:
|
|
commit-titles:
|
|
- "SecurityPkg: Out of bound read in HashPeImageByType()"
|
|
- "SecurityPkg: Improving HashPeImageByType () logic"
|
|
- "SecurityPkg: Improving SecureBootConfigImpl:HashPeImageByType () logic"
|
|
cve: CVE-2024-38797
|
|
date_reported: 2024-06-04 12:00 UTC
|
|
description: Out of bound read in HashPeImageByType()
|
|
note:
|
|
files_impacted:
|
|
- SecurityPkg\Library\DxeImageVerificationLib\DxeImageVerificationLib.c
|
|
- SecurityPkg\VariableAuthenticated\SecureBootConfigDxe\SecureBootConfigImpl.c
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=2214
|
|
- https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
|