Kirkstone ovmf cve fixes #101

Merged: 13 commits into openembedded:kirkstone, Dec 9, 2024

Conversation

hongxu-jia (Contributor)

af65d3e ovmf: fix CVE-2024-1298
c3d1be5 ovmf: fix CVE-2024-38796
260fc21 ovmf: Fix CVE-2022-36765
a9cd332 ovmf: Fix CVE-2023-45236
6f8bdaa ovmf: Fix CVE-2023-45237
23a87c5 ovmf: Fix CVE-2023-45229
dd26902 ovmf: Fix CVE-2023-45235
d9d9e66 ovmf: Fix CVE-2023-45234
c84eb03 ovmf: Fix CVE-2023-45232, CVE-2023-45233
bdff14d ovmf: Fix CVE-2023-45231
50b5017 ovmf: Fix CVE-2023-45230
aba1482 ovmf: Fix CVE-2022-36764
26db245 ovmf: Fix CVE-2022-36763

SoumyaWind and others added 13 commits on December 4, 2024 11:30

26db245 ovmf: Fix CVE-2022-36763
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable()
function, allowing a user to trigger a heap buffer overflow via a local
network. Successful exploitation of this vulnerability may result in a
compromise of confidentiality, integrity, and/or availability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-36763

Upstream-patches:
tianocore/edk2@2244465
tianocore/edk2@4776a1b
tianocore/edk2@1ddcb9f

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
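Added example (not code from this PR or from EDK2): the size checks a GPT-measurement routine needs before it sizes a buffer from header fields read off the disk. The three GPT field names are the UEFI spec's; GPT_EVENT_FIXED_BYTES, the sample headers and the function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The three GPT header fields that drive the partition-array size
 * computation (UEFI spec header offsets 0x48, 0x50 and 0x54). */
typedef struct {
    uint64_t PartitionEntryLBA;        /* first LBA of the partition entry array */
    uint32_t NumberOfPartitionEntries;
    uint32_t SizeOfPartitionEntry;     /* spec: 128 x 2^n bytes */
} gpt_header_sizes_t;

/* Fixed part of the measured event: an assumption for this example, the
 * real layout is defined by the TCG PC Client platform spec. */
#define GPT_EVENT_FIXED_BYTES 64u
#define GPT_ENTRY_MIN_BYTES   128u

static bool mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    uint64_t p = (uint64_t)a * (uint64_t)b;
    if (p > UINT32_MAX) return false;
    *out = (uint32_t)p;
    return true;
}

/*
 * Size the buffer that will hold the measured event (fixed part plus a copy
 * of every partition entry) from a GPT header read off the disk.  Returns 0
 * when the header cannot be trusted to size anything: each rejected case is
 * one where a buffer sized from the raw fields would be smaller than the
 * data later copied into it, or would be filled from outside the disk.
 */
uint32_t gpt_measured_event_size(const gpt_header_sizes_t *h,
                                 uint64_t disk_last_lba, uint32_t block_size)
{
    uint32_t array_bytes;
    uint64_t array_blocks;

    if (block_size == 0) return 0;
    /* entry size must be a power of two no smaller than the spec minimum */
    if (h->SizeOfPartitionEntry < GPT_ENTRY_MIN_BYTES) return 0;
    if ((h->SizeOfPartitionEntry & (h->SizeOfPartitionEntry - 1)) != 0) return 0;
    if (h->NumberOfPartitionEntries == 0) return 0;
    /* count * size must not wrap the 32-bit allocation size */
    if (!mul_u32_checked(h->NumberOfPartitionEntries, h->SizeOfPartitionEntry, &array_bytes))
        return 0;
    /* the array must lie entirely on the disk */
    array_blocks = ((uint64_t)array_bytes + block_size - 1) / block_size;
    if (h->PartitionEntryLBA == 0 || h->PartitionEntryLBA > disk_last_lba) return 0;
    if (array_blocks > disk_last_lba - h->PartitionEntryLBA + 1) return 0;
    /* adding the fixed event header must not wrap either */
    if (array_bytes > UINT32_MAX - GPT_EVENT_FIXED_BYTES) return 0;
    return GPT_EVENT_FIXED_BYTES + array_bytes;
}

/* Constructed sample headers (not read from a real disk). */
static const gpt_header_sizes_t SAMPLE_SANE      = { 2, 128, 128 };         /* usual 128 x 128-byte entries */
static const gpt_header_sizes_t SAMPLE_WRAP      = { 2, 0x02000000u, 128 }; /* 2^25 * 2^7 = 2^32: product wraps to 0 */
static const gpt_header_sizes_t SAMPLE_BAD_ENTRY = { 2, 128, 100 };         /* entry size below the spec minimum */

int main(void)
{
    printf("sane, 1 MiB disk:   %u bytes\n", gpt_measured_event_size(&SAMPLE_SANE, 2047, 512));
    printf("wrapping product:   %u\n", gpt_measured_event_size(&SAMPLE_WRAP, 2047, 512));
    printf("array past disk:    %u\n", gpt_measured_event_size(&SAMPLE_SANE, 20, 512));
    printf("bad entry size:     %u\n", gpt_measured_event_size(&SAMPLE_BAD_ENTRY, 2047, 512));
    return 0;
}
```

The wrapping header is the interesting one: every field looks plausible in isolation, and only the product of two of them is wrong, so the multiplication has to be checked explicitly rather than the inputs.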

aba1482 ovmf: Fix CVE-2022-36764
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage()
function, allowing a user to trigger a heap buffer overflow via a local
network. Successful exploitation of this vulnerability may result in a
compromise of confidentiality, integrity, and/or availability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-36764

Upstream-patches:
tianocore/edk2@c7b2794
tianocore/edk2@0d341c0
tianocore/edk2@8f6d343

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>

50b5017 ovmf: Fix CVE-2023-45230
EDK2's Network Package is susceptible to a buffer overflow vulnerability
via a long server ID option in DHCPv6 client. This vulnerability can be
exploited by an attacker to gain unauthorized access and potentially lead
to a loss of Confidentiality, Integrity and/or Availability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45230

Upstream-patches:
tianocore/edk2@f31453e
tianocore/edk2@5f36581

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>

bdff14d ovmf: Fix CVE-2023-45231
EDK2's Network Package is susceptible to an out-of-bounds read
vulnerability when processing a Neighbor Discovery Redirect message. This
vulnerability can be exploited by an attacker to gain unauthorized access
and potentially lead to a loss of Confidentiality.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45231

Upstream-patches:
tianocore/edk2@bbfee34
tianocore/edk2@6f77463

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>

c84eb03 ovmf: Fix CVE-2023-45232, CVE-2023-45233
CVE-2023-45232:
EDK2's Network Package is susceptible to an infinite loop vulnerability
when parsing unknown options in the Destination Options header of IPv6.
This vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Availability.

CVE-2023-45233:
EDK2's Network Package is susceptible to an infinite loop vulnerability
when parsing a PadN option in the Destination Options header of IPv6.
This vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Availability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45232
https://nvd.nist.gov/vuln/detail/CVE-2023-45233

Upstream-patches:
tianocore/edk2@4df0229
tianocore/edk2@c9c87f0

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
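Added example covering this commit and the CVE-2023-45231 one above (not code from this PR or from EDK2): option walkers for an IPv6 Destination Options header and for the options of a Neighbor Discovery Redirect, written so that every iteration must advance and every length is checked against the bytes remaining. The wire formats are RFC 8200's and RFC 4861's; the sample inputs are constructed and the function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Options area of an IPv6 Destination Options (or Hop-by-Hop) header
 * (RFC 8200 s4.2): a run of TLVs.  Pad1 (type 0) is a single byte with no
 * length field; every other option, PadN (type 1) and unknown types alike,
 * is type, length, then `length` data bytes.  `opts` points at the first
 * option byte and `len` is the option area size (header length minus the
 * 2-byte Next Header / Hdr Ext Len prefix).  Returns true only if every
 * option is well-formed and the walk ends exactly at the end of the header.
 */
bool ip6_options_valid(const uint8_t *opts, size_t len, unsigned *count)
{
    size_t off = 0;      /* full-width offset: a narrower counter could wrap */
    unsigned n = 0;

    while (off < len) {
        uint8_t type = opts[off];
        if (type == 0) {                     /* Pad1: always advances by one */
            off += 1; n++; continue;
        }
        if (len - off < 2) return false;     /* type byte but no length byte */
        size_t optlen = opts[off + 1];
        /* A length running past the header is an error.  Clamping it or
         * skipping the option without moving `off` leaves the walker where
         * it was, and a walker that never advances never terminates. */
        if (optlen > len - off - 2) return false;
        off += 2 + optlen;                   /* PadN and unknown options alike */
        n++;
    }
    if (count) *count = n;
    return off == len;
}

unsigned ip6_option_count(const uint8_t *opts, size_t len)
{
    unsigned n = 0;
    return ip6_options_valid(opts, len, &n) ? n : 0;
}

/*
 * Neighbor Discovery options (RFC 4861 s4.6): type, length in units of
 * 8 octets, data.  Length zero is invalid and the packet must be discarded;
 * a walker that trusts it advances by zero bytes on every pass.
 */
bool nd_options_valid(const uint8_t *opts, size_t len, unsigned *count)
{
    size_t off = 0;
    unsigned n = 0;

    while (off < len) {
        if (len - off < 2) return false;
        size_t optlen = (size_t)opts[off + 1] * 8;
        if (optlen == 0) return false;
        if (optlen > len - off) return false;
        off += optlen;
        n++;
    }
    if (count) *count = n;
    return off == len;
}

/* ICMPv6 Redirect (type 137): 8-byte ICMP header, 16-byte Target Address,
 * 16-byte Destination Address, then ND options.  All 40 fixed bytes must be
 * present before anything beyond them is touched. */
#define ND_REDIRECT_FIXED 40u

bool nd_redirect_valid(const uint8_t *msg, size_t len, unsigned *count)
{
    if (len < ND_REDIRECT_FIXED) return false;
    if (msg[0] != 137 || msg[1] != 0) return false;
    return nd_options_valid(msg + ND_REDIRECT_FIXED, len - ND_REDIRECT_FIXED, count);
}

/* Constructed samples (not captured traffic). */
static const uint8_t DST_OK[]    = { 0x00, 0x01, 0x03, 0x00, 0x00, 0x00 }; /* Pad1, PadN(3) */
static const uint8_t DST_OVER[]  = { 0x3e, 0xff, 0x00 };                   /* unknown option claims 255 bytes */
static const uint8_t DST_TRUNC[] = { 0x01 };                               /* PadN with no length byte */
static const uint8_t RDR_OK[48]   = { 137, 0, [40] = 2, [41] = 1 };        /* target link-layer address option */
static const uint8_t RDR_ZERO[48] = { 137, 0, [40] = 2, [41] = 0 };        /* option with length zero */

int main(void)
{
    printf("dst ok:    %d (%u options)\n", ip6_options_valid(DST_OK, sizeof DST_OK, NULL),
           ip6_option_count(DST_OK, sizeof DST_OK));
    printf("dst over:  %d\n", ip6_options_valid(DST_OVER, sizeof DST_OVER, NULL));
    printf("dst trunc: %d\n", ip6_options_valid(DST_TRUNC, sizeof DST_TRUNC, NULL));
    printf("rdr ok:    %d\n", nd_redirect_valid(RDR_OK, sizeof RDR_OK, NULL));
    printf("rdr zero:  %d\n", nd_redirect_valid(RDR_ZERO, sizeof RDR_ZERO, NULL));
    printf("rdr short: %d\n", nd_redirect_valid(RDR_OK, 39, NULL));
    return 0;
}
```

Both walkers share the same discipline: the loop variable is wide enough that it cannot wrap, the length byte is only read after checking it exists, and a bad length ends the parse instead of being tolerated.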

d9d9e66 ovmf: Fix CVE-2023-45234
EDK2's Network Package is susceptible to a buffer overflow vulnerability
when processing DNS Servers option from a DHCPv6 Advertise message. This
vulnerability can be exploited by an attacker to gain unauthorized access
and potentially lead to a loss of Confidentiality, Integrity and/or
Availability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45234

Upstream-patches:
tianocore/edk2@1b53515
tianocore/edk2@458c582

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>

dd26902 ovmf: Fix CVE-2023-45235
EDK2's Network Package is susceptible to a buffer overflow vulnerability
when handling Server ID option from a DHCPv6 proxy Advertise message.
This vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality, Integrity
and/or Availability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45235

Upstream-patches:
tianocore/edk2@fac2977
tianocore/edk2@ff29863

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>

23a87c5 ovmf: Fix CVE-2023-45229
EDK2's Network Package is susceptible to an out-of-bounds read
vulnerability when processing the IA_NA or IA_TA option in a DHCPv6
Advertise message. This vulnerability can be exploited by an attacker
to gain unauthorized access and potentially lead to a loss of
Confidentiality.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45229

Upstream-patches:
tianocore/edk2@1dbb10c
tianocore/edk2@0736276
tianocore/edk2@1c440a5
tianocore/edk2@1d0b95f

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
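Added example serving the four DHCPv6 commits above (CVE-2023-45230, CVE-2023-45234, CVE-2023-45235 and CVE-2023-45229; not code from this PR or from EDK2): an Advertise option parser that checks each option-len against the packet, against the destination buffer, and against the option's own fixed fields, since each of those three is a separate way a server-chosen length can cause an over-read or an overflow. Option codes and the DUID limit are from RFC 8415; MAX_DNS, the sample packets and the function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 8415 message and option codes used below */
#define DHCP6_ADVERTISE  2
#define OPT_SERVERID     2
#define OPT_IA_NA        3
#define OPT_IA_TA        4
#define OPT_DNS_SERVERS  23
#define DUID_MAX         130  /* RFC 8415 s11.1: a DUID is at most 130 octets */
#define MAX_DNS          4    /* capacity of this example's address list (assumption) */

typedef struct {
    uint8_t  server_duid[DUID_MAX];
    size_t   server_duid_len;
    uint8_t  dns[MAX_DNS][16];
    size_t   dns_count;
    uint32_t iaid;
    bool     have_ia;
} dhcp6_advertise_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/*
 * Parse the options of a DHCPv6 Advertise: msg-type (1), transaction-id (3),
 * then options of option-code (2), option-len (2), option-data.  Each
 * option-len is checked three ways, one per failure mode it can cause:
 *   (1) against the bytes left in the packet      -> out-of-bounds read
 *   (2) against the destination buffer            -> overflow on copy
 *   (3) against the option's fixed fields         -> read past a short IA_NA/IA_TA
 * Returns 0 on success, a distinct negative code per rejection.
 */
int dhcp6_parse_advertise(const uint8_t *pkt, size_t len, dhcp6_advertise_t *out)
{
    memset(out, 0, sizeof *out);
    if (len < 4 || pkt[0] != DHCP6_ADVERTISE) return -1;

    size_t off = 4;
    while (off < len) {
        if (len - off < 4) return -2;                     /* truncated option header */
        uint16_t code = rd16(pkt + off);
        uint16_t olen = rd16(pkt + off + 2);
        const uint8_t *data = pkt + off + 4;
        if (olen > len - off - 4) return -3;              /* (1) option runs past the packet */

        switch (code) {
        case OPT_SERVERID:
            if (olen == 0 || olen > DUID_MAX) return -4;  /* (2) would overflow server_duid */
            memcpy(out->server_duid, data, olen);
            out->server_duid_len = olen;
            break;
        case OPT_DNS_SERVERS:
            if (olen % 16 != 0) return -5;                /* a list of whole IPv6 addresses */
            for (size_t i = 0; i < olen / 16u; i++) {
                if (out->dns_count == MAX_DNS) return -6; /* (2) more addresses than we can hold */
                memcpy(out->dns[out->dns_count++], data + 16 * i, 16);
            }
            break;
        case OPT_IA_NA:
            if (olen < 12) return -7;                     /* (3) IAID, T1, T2 precede the sub-options */
            out->iaid = rd32(data); out->have_ia = true;
            break;
        case OPT_IA_TA:
            if (olen < 4) return -8;                      /* (3) IAID precedes the sub-options */
            out->iaid = rd32(data); out->have_ia = true;
            break;
        default:
            break;                                        /* unknown: skipped by length, never dereferenced */
        }
        off += 4u + olen;
    }
    return 0;
}

int dhcp6_parse_rc(const uint8_t *pkt, size_t len)
{
    dhcp6_advertise_t adv;
    return dhcp6_parse_advertise(pkt, len, &adv);
}

/* Constructed packets (not captured traffic). */
static const uint8_t ADV_OK[] = {
    0x02, 0x11, 0x22, 0x33,                          /* Advertise, xid */
    0x00, 0x02, 0x00, 0x04, 0xaa, 0xbb, 0xcc, 0xdd,  /* Server ID, 4-byte DUID */
    0x00, 0x03, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x07,  /* IA_NA: IAID 7, */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /*   T1 = 0, T2 = 0 */
    0x00, 0x17, 0x00, 0x10, 0x20, 0x01, 0x0d, 0xb8,  /* DNS Servers: 2001:db8::1 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x01,
};
static const uint8_t ADV_SHORT_IANA[] = { 0x02, 1, 2, 3, 0x00, 0x03, 0x00, 0x04, 1, 2, 3, 4 };
static const uint8_t ADV_RUNS_PAST[]  = { 0x02, 1, 2, 3, 0x00, 0x02, 0xff, 0xff, 1, 2 };
static const uint8_t ADV_BAD_DNS[]    = { 0x02, 1, 2, 3, 0x00, 0x17, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8 };

bool dhcp6_demo_ok_fields(void)
{
    dhcp6_advertise_t adv;
    return dhcp6_parse_advertise(ADV_OK, sizeof ADV_OK, &adv) == 0
        && adv.server_duid_len == 4 && adv.dns_count == 1 && adv.have_ia && adv.iaid == 7;
}

/* A Server ID whose length is consistent with the packet but larger than any
 * legal DUID: check (1) passes, check (2) has to catch it. */
int dhcp6_demo_oversized_duid(void)
{
    uint8_t pkt[4 + 4 + 200] = { 0x02, 0, 0, 0, 0x00, OPT_SERVERID, 0x00, 200 };
    return dhcp6_parse_rc(pkt, sizeof pkt);
}

int main(void)
{
    printf("ok packet:    rc=%d fields_ok=%d\n", dhcp6_parse_rc(ADV_OK, sizeof ADV_OK), dhcp6_demo_ok_fields());
    printf("short IA_NA:  %d\n", dhcp6_parse_rc(ADV_SHORT_IANA, sizeof ADV_SHORT_IANA));
    printf("runs past:    %d\n", dhcp6_parse_rc(ADV_RUNS_PAST, sizeof ADV_RUNS_PAST));
    printf("bad DNS len:  %d\n", dhcp6_parse_rc(ADV_BAD_DNS, sizeof ADV_BAD_DNS));
    printf("oversized ID: %d\n", dhcp6_demo_oversized_duid());
    return 0;
}
```

The oversized-DUID case is the one a packet-bounds check alone misses: the option fits in the datagram, so only a comparison against the receiving buffer's capacity stops the memcpy from writing past it.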

6f8bdaa ovmf: Fix CVE-2023-45237
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence
Number. This vulnerability can be exploited by an attacker to gain
unauthorized access and potentially lead to a loss of Confidentiality.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45237

Upstream-patches:
tianocore/edk2@cf07238
tianocore/edk2@4c4ceb2

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>

a9cd332 ovmf: Fix CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial
Sequence Number. This vulnerability can be exploited by an attacker
to gain unauthorized access and potentially lead to a loss of
Confidentiality.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45236

Upstream-patch:
tianocore/edk2@1904a64

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
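Added example for the two ISN commits above (CVE-2023-45237 and CVE-2023-45236; not code from this PR or from EDK2): a counter-based ISN next to an RFC 6528 one, with SipHash-2-4 standing in for the RFC's keyed hash F(). The secret key, addresses and ports are constructed values, and the function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL64(x, b) ((uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))))

static uint64_t load_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

#define SIPROUND do {                                                   \
    v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);       \
    v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                            \
    v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                            \
    v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); } while (0)

/* SipHash-2-4: a keyed pseudorandom function, used here as RFC 6528's F(). */
uint64_t siphash24(const uint8_t *in, size_t inlen, const uint8_t key[16])
{
    uint64_t k0 = load_le64(key), k1 = load_le64(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0, v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0, v3 = 0x7465646279746573ULL ^ k1;
    uint64_t b = (uint64_t)inlen << 56;
    size_t i = 0;

    for (; i + 8 <= inlen; i += 8) {                  /* full 8-byte blocks */
        uint64_t m = load_le64(in + i);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (size_t j = 0; i + j < inlen; j++)            /* tail bytes plus length byte */
        b |= (uint64_t)in[i + j] << (8 * j);
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Known-answer test from the SipHash paper, Appendix A: key 00..0f,
 * message 00..0e, SipHash-2-4 output a129ca6149be45e5. */
bool siphash24_selftest(void)
{
    uint8_t key[16], msg[15];
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;
    for (int i = 0; i < 15; i++) msg[i] = (uint8_t)i;
    return siphash24(msg, sizeof msg, key) == 0xa129ca6149be45e5ULL;
}

typedef struct {
    uint8_t  local[16], remote[16];   /* IPv6 addresses; IPv4 would use 4 bytes each */
    uint16_t lport, rport;
} tcp_tuple_t;

/* The weak scheme: a process-wide counter bumped by a constant.  A peer that
 * opens one connection learns the ISN every following connection will get. */
static uint32_t g_weak_isn;
uint32_t isn_predictable(void) { g_weak_isn += 64000u; return g_weak_isn; }

/* RFC 6528: ISN = M + F(localip, localport, remoteip, remoteport, secret),
 * M a 4-microsecond clock, F a keyed hash.  The secret is drawn once at boot
 * from a real entropy source; it is a constant here only for reproducibility. */
uint32_t isn_rfc6528(const tcp_tuple_t *t, const uint8_t secret[16], uint64_t clock_4us)
{
    uint8_t buf[36];
    memcpy(buf, t->local, 16);
    memcpy(buf + 16, t->remote, 16);
    buf[32] = (uint8_t)(t->lport >> 8); buf[33] = (uint8_t)t->lport;
    buf[34] = (uint8_t)(t->rport >> 8); buf[35] = (uint8_t)t->rport;
    return (uint32_t)clock_4us + (uint32_t)siphash24(buf, sizeof buf, secret);
}

/* Constructed demo inputs. */
static const uint8_t DEMO_SECRET[16]  = { 0x4a, 0x9f, 0x3b, 0x11, 0xc8, 0x02, 0x7d, 0xe6,
                                          0x55, 0x60, 0x1f, 0xa3, 0x9c, 0x0e, 0xb7, 0x28 };
static const uint8_t DEMO_SECRET2[16] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

tcp_tuple_t demo_tuple(uint16_t rport)
{
    tcp_tuple_t t = { { 0x20, 0x01, 0x0d, 0xb8, [15] = 1 }, { 0x20, 0x01, 0x0d, 0xb8, [15] = 2 }, 443, rport };
    return t;
}

/* Two successive connections under the weak scheme differ by exactly the step. */
bool weak_isn_delta_is_constant(void)
{
    uint32_t a = isn_predictable(), b = isn_predictable();
    return b - a == 64000u;
}

/* The RFC 6528 ISN is stable for one tuple and secret, unrelated across
 * neighbouring ports or different secrets, and moves with the clock. */
bool rfc6528_isn_properties(void)
{
    tcp_tuple_t a = demo_tuple(50000), b = demo_tuple(50001);
    uint32_t a0 = isn_rfc6528(&a, DEMO_SECRET, 0);
    return a0 == isn_rfc6528(&a, DEMO_SECRET, 0)
        && a0 != isn_rfc6528(&b, DEMO_SECRET, 0)
        && a0 != isn_rfc6528(&a, DEMO_SECRET2, 0)
        && isn_rfc6528(&a, DEMO_SECRET, 1000) - a0 == 1000u;
}

int main(void)
{
    tcp_tuple_t a = demo_tuple(50000), b = demo_tuple(50001);
    printf("siphash self-test: %s\n", siphash24_selftest() ? "ok" : "FAIL");
    printf("weak ISNs:    %u, %u (step 64000)\n", isn_predictable(), isn_predictable());
    printf("rfc6528 ISNs: %08x (port 50000), %08x (port 50001)\n",
           isn_rfc6528(&a, DEMO_SECRET, 0), isn_rfc6528(&b, DEMO_SECRET, 0));
    return 0;
}
```

An off-path attacker who observes or provokes one connection cannot recover the secret from the hashed ISNs, so the sequence-number guessing a fixed-step counter invites (blind injection, blind reset) no longer works; the 4 µs clock term keeps the RFC's guarantee that sequence numbers for a reused tuple do not collide with a recent incarnation.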

260fc21 ovmf: Fix CVE-2022-36765
EDK2 is susceptible to a vulnerability in the CreateHob() function,
allowing a user to trigger an integer overflow to buffer overflow
via a local network. Successful exploitation of this vulnerability
may result in a compromise of confidentiality, integrity, and/or
availability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-36765

Upstream-patches:
tianocore/edk2@59f024c
tianocore/edk2@aeaee89
tianocore/edk2@9a75b03

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
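Added example (not code from this PR or from EDK2): the 16-bit length round-up a HOB allocator performs, written both in the wrapping form and with the overflow refused, plus a small bump allocator showing why the rounded length must still be checked against the free region. hob_header_t mirrors the PI spec's generic HOB header; the allocator, region size and function names are this example's assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EFI_HOB_GENERIC_HEADER as laid out by the PI spec: the length is 16 bits. */
typedef struct {
    uint16_t HobType;
    uint16_t HobLength;
    uint32_t Reserved;
} hob_header_t;

#define HOB_TYPE_END_OF_LIST 0xffffu
#define HOB_ALIGN            8u

/* The round-up as it is tempting to write it, with the result truncated back
 * to 16 bits: 0xfff9 + 7 = 0x10000, which becomes 0.  A zero length passes
 * every later "does it fit" check and then a much larger payload is copied. */
uint16_t hob_round_length_unchecked(uint16_t requested)
{
    return (uint16_t)((requested + 7u) & ~7u);
}

/* Same round-up with the wrap refused: a request that cannot be represented
 * after alignment, or is too small even for the header, yields 0 (error). */
uint16_t hob_round_length(uint16_t requested)
{
    if (requested < sizeof(hob_header_t)) return 0;
    if (requested > UINT16_MAX - (HOB_ALIGN - 1)) return 0;
    return (uint16_t)((requested + (HOB_ALIGN - 1)) & ~(HOB_ALIGN - 1));
}

/* A bump allocator over a HOB list region.  `bottom` advances as HOBs are
 * created; the end-of-list HOB is rewritten after each one, so every
 * allocation must leave room for it. */
typedef struct { uint8_t *bottom; uint8_t *top; } hob_region_t;

void *hob_create(hob_region_t *r, uint16_t type, uint16_t requested)
{
    uint16_t len = hob_round_length(requested);
    if (len == 0) return NULL;
    if ((size_t)(r->top - r->bottom) < (size_t)len + sizeof(hob_header_t)) return NULL;

    hob_header_t *h = (hob_header_t *)r->bottom;
    h->HobType = type;
    h->HobLength = len;
    h->Reserved = 0;
    r->bottom += len;

    hob_header_t *end = (hob_header_t *)r->bottom;   /* terminator follows the new HOB */
    end->HobType = HOB_TYPE_END_OF_LIST;
    end->HobLength = sizeof(hob_header_t);
    end->Reserved = 0;
    return h;
}

/* Try three 24-byte HOBs in a 64-byte region and return how many succeed:
 * two fit (each needs 24 bytes plus the 8-byte terminator), the third does not. */
unsigned hob_demo_fill_region(void)
{
    static uint64_t storage[8];   /* 64 bytes, 8-byte aligned */
    hob_region_t r = { (uint8_t *)storage, (uint8_t *)storage + sizeof storage };
    unsigned made = 0;
    for (int i = 0; i < 3; i++)
        if (hob_create(&r, 1, 24) != NULL) made++;
    return made;
}

int main(void)
{
    printf("unchecked(0xfff9) = 0x%04x\n", hob_round_length_unchecked(0xfff9));
    printf("checked(0xfff9)   = 0x%04x\n", hob_round_length(0xfff9));
    printf("checked(0xfff8)   = 0x%04x\n", hob_round_length(0xfff8));
    printf("checked(13)       = %u\n", hob_round_length(13));
    printf("HOBs created in a 64-byte region: %u\n", hob_demo_fill_region());
    return 0;
}
```

The two checks are independent: refusing the wrap keeps HobLength honest, and comparing the honest length (plus the terminator) against the region keeps the write inside it; dropping either one reopens the overflow.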

c3d1be5 ovmf: fix CVE-2024-38796
Backport a fix from upstream to resolve CVE-2024-38796

    tianocore/edk2@c95233b

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>

af65d3e ovmf: fix CVE-2024-1298
Backport a fix from upstream to resolve CVE-2024-1298

    tianocore/edk2@284dbac

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
halstead merged commit af65d3e into openembedded:kirkstone on Dec 9, 2024