-
Notifications
You must be signed in to change notification settings - Fork 2.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
EmbeddedPkg/Hob: Integer Overflow in CreateHob()
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166 Fix integer overflow in various CreateHob instances. Fixes: CVE-2022-36765 The CreateHob() function aligns the requested size to 8 performing the following operation: ``` HobLength = (UINT16)((HobLength + 0x7) & (~0x7)); ``` No checks are performed to ensure this value doesn't overflow, and could lead to CreateHob() returning a smaller HOB than requested, which could lead to OOB HOB accesses. Reported-by: Marc Beatove <[email protected]> Cc: Leif Lindholm <[email protected]> Reviewed-by: Ard Biesheuvel <[email protected]> Cc: Abner Chang <[email protected]> Cc: John Mathew <[email protected]> Authored-by: Gerd Hoffmann <[email protected]> Signed-off-by: Gua Guo <[email protected]>
- Loading branch information
1 parent
049695a
commit aeaee89
Showing
1 changed file
with
43 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters