SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml

This creates / adds a security file that tracks the security fixes found in this package and can be used to find the fixes that were applied. Cc: Jiewen Yao <[email protected]> Signed-off-by: Doug Flick [MSFT] <[email protected]> Reviewed-by: Jiewen Yao <[email protected]>
tianocore · Jan 16, 2024 · 8f6d343 · 8f6d343
1 parent 0d341c0
commit 8f6d343
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
@@ -20,3 +20,17 @@ CVE_2022_36763:
   - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
   - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
   - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
+CVE_2022_36764:
+  commit_titles:
+     - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
+     - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
+     - "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml"
+  cve: CVE-2022-36764
+  date_reported: 2022-10-25 12:23 UTC
+  description: Heap Buffer Overflow in Tcg2MeasurePeImage()
+  note:
+  files_impacted:
+  - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
+  - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+  links:
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=4118