Kirkstone ovmf cve fixes #101
Merged
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
References: https://nvd.nist.gov/vuln/detail/CVE-2022-36763
Upstream-patches: tianocore/edk2@2244465 tianocore/edk2@4776a1b tianocore/edk2@1ddcb9f
Signed-off-by: Soumya Sambu <[email protected]>

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
References: https://nvd.nist.gov/vuln/detail/CVE-2022-36764
Upstream-patches: tianocore/edk2@c7b2794 tianocore/edk2@0d341c0 tianocore/edk2@8f6d343
Signed-off-by: Soumya Sambu <[email protected]>

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
References: https://nvd.nist.gov/vuln/detail/CVE-2023-45230
Upstream-patches: tianocore/edk2@f31453e tianocore/edk2@5f36581
Signed-off-by: Soumya Sambu <[email protected]>

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
References: https://nvd.nist.gov/vuln/detail/CVE-2023-45231
Upstream-patches: tianocore/edk2@bbfee34 tianocore/edk2@6f77463
Signed-off-by: Soumya Sambu <[email protected]>

CVE-2023-45232: EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
CVE-2023-45233: EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
References: https://nvd.nist.gov/vuln/detail/CVE-2023-45232 https://nvd.nist.gov/vuln/detail/CVE-2023-45233
Upstream-patches: tianocore/edk2@4df0229 tianocore/edk2@c9c87f0
Signed-off-by: Soumya Sambu <[email protected]>

EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
References: https://nvd.nist.gov/vuln/detail/CVE-2023-45234
Upstream-patches: tianocore/edk2@1b53515 tianocore/edk2@458c582
Signed-off-by: Soumya Sambu <[email protected]>

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
References: https://nvd.nist.gov/vuln/detail/CVE-2023-45235
Upstream-patches: tianocore/edk2@fac2977 tianocore/edk2@ff29863
Signed-off-by: Soumya Sambu <[email protected]>

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
References: https://nvd.nist.gov/vuln/detail/CVE-2023-45229
Upstream-patches: tianocore/edk2@1dbb10c tianocore/edk2@0736276 tianocore/edk2@1c440a5 tianocore/edk2@1d0b95f
Signed-off-by: Soumya Sambu <[email protected]>

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
References: https://nvd.nist.gov/vuln/detail/CVE-2023-45237
Upstream-patches: tianocore/edk2@cf07238 tianocore/edk2@4c4ceb2
Signed-off-by: Soumya Sambu <[email protected]>

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
References: https://nvd.nist.gov/vuln/detail/CVE-2023-45236
Upstream-patch: tianocore/edk2@1904a64
Signed-off-by: Soumya Sambu <[email protected]>

EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
References: https://nvd.nist.gov/vuln/detail/CVE-2022-36765
Upstream-patches: tianocore/edk2@59f024c tianocore/edk2@aeaee89 tianocore/edk2@9a75b03
Signed-off-by: Soumya Sambu <[email protected]>

Backport a fix from upstream to resolve CVE-2024-38796
tianocore/edk2@c95233b
Signed-off-by: Hongxu Jia <[email protected]>

Backport a fix from upstream to resolve CVE-2024-1298
tianocore/edk2@284dbac
Signed-off-by: Hongxu Jia <[email protected]>

af65d3e ovmf: fix CVE-2024-1298
c3d1be5 ovmf: fix CVE-2024-38796
260fc21 ovmf: Fix CVE-2022-36765
a9cd332 ovmf: Fix CVE-2023-45236
6f8bdaa ovmf: Fix CVE-2023-45237
23a87c5 ovmf: Fix CVE-2023-45229
dd26902 ovmf: Fix CVE-2023-45235
d9d9e66 ovmf: Fix CVE-2023-45234
c84eb03 ovmf: Fix CVE-2023-45232, CVE-2023-45233
bdff14d ovmf: Fix CVE-2023-45231
50b5017 ovmf: Fix CVE-2023-45230
aba1482 ovmf: Fix CVE-2022-36764
26db245 ovmf: Fix CVE-2022-36763