You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
69 lines
2.4 KiB
69 lines
2.4 KiB
9 months ago
|
From 2794a967f43f2bbdfcd2cb5197ac8cad4b13c3de Mon Sep 17 00:00:00 2001
|
||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||
|
Date: Wed, 17 Jan 2024 12:20:52 -0500
|
||
|
Subject: [PATCH 08/17] SecurityPkg: Adding CVE 2022-36763 to
|
||
|
SecurityFixes.yaml
|
||
|
|
||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||
|
RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable()
|
||
|
RH-Jira: RHEL-21154 RHEL-21156
|
||
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||
|
RH-Commit: [8/13] 74117caf760e403566f6511332b2c0f41483f28c (jmaloy/jons_fork)
|
||
|
|
||
|
JIRA: https://issues.redhat.com/browse/RHEL-21154
|
||
|
Upstream: Merged
|
||
|
CVE: CVE-2022-36763
|
||
|
|
||
|
commit 1ddcb9fc6b4164e882687b031e8beacfcf7df29e
|
||
|
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
|
||
|
Date: Fri Jan 12 02:16:03 2024 +0800
|
||
|
|
||
|
SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml
|
||
|
|
||
|
This creates / adds a security file that tracks the security fixes
|
||
|
found in this package and can be used to find the fixes that were
|
||
|
applied.
|
||
|
|
||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||
|
|
||
|
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
|
||
|
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
||
|
|
||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||
|
---
|
||
|
SecurityPkg/SecurityFixes.yaml | 22 ++++++++++++++++++++++
|
||
|
1 file changed, 22 insertions(+)
|
||
|
create mode 100644 SecurityPkg/SecurityFixes.yaml
|
||
|
|
||
|
diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
|
||
|
new file mode 100644
|
||
|
index 0000000000..f9e3e7be74
|
||
|
--- /dev/null
|
||
|
+++ b/SecurityPkg/SecurityFixes.yaml
|
||
|
@@ -0,0 +1,22 @@
|
||
|
+## @file
|
||
|
+# Security Fixes for SecurityPkg
|
||
|
+#
|
||
|
+# Copyright (c) Microsoft Corporation
|
||
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||
|
+##
|
||
|
+CVE_2022_36763:
|
||
|
+ commit_titles:
|
||
|
+ - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
|
||
|
+ - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
|
||
|
+ - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
|
||
|
+ cve: CVE-2022-36763
|
||
|
+ date_reported: 2022-10-25 11:31 UTC
|
||
|
+ description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
|
||
|
+ note: This patch is related to and supersedes TCBZ2168
|
||
|
+ files_impacted:
|
||
|
+ - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
|
||
|
+ - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
|
||
|
+ links:
|
||
|
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
|
||
|
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
|
||
|
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
|
||
|
--
|
||
|
2.41.0
|
||
|
|