SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml

This creates / adds a security file that tracks the security fixes found in this package and can be used to find the fixes that were applied. Cc: Jiewen Yao <[email protected]> Signed-off-by: Doug Flick [MSFT] <[email protected]> Reviewed-by: Jiewen Yao <[email protected]>
tianocore · Jan 16, 2024 · 1ddcb9f · 1ddcb9f
1 parent 4776a1b
commit 1ddcb9f
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
@@ -0,0 +1,22 @@
+## @file
+# Security Fixes for SecurityPkg
+#
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+CVE_2022_36763:
+  commit_titles:
+    - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
+    - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
+    - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
+  cve: CVE-2022-36763
+  date_reported: 2022-10-25 11:31 UTC
+  description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
+  note: This patch is related to and supersedes TCBZ2168
+  files_impacted:
+  - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
+  - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+  links:
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=1990