diff options
| author | Doug Flick <dougflick@microsoft.com> | 2025-04-07 11:23:41 -0700 |
|---|---|---|
| committer | Doug Flick <dougflick@microsoft.com> | 2025-04-08 08:03:16 -0700 |
| commit | 519366f542e9370bee982b1c3687ffedb5cabc21 (patch) | |
| tree | 42ea3830042c636a581bed96643f7763d7e47664 | |
| parent | 8676572908b950dd4d1f8985006011be99c0a5b6 (diff) | |
| download | edk2-security-advisory/cve-2024-38797/advisory.tar.gz edk2-security-advisory/cve-2024-38797/advisory.tar.bz2 edk2-security-advisory/cve-2024-38797/advisory.zip | |
SecurityPkg: Update SecurityFixes.yaml for CVE-2024-38797security-advisory/cve-2024-38797/advisory
This commit updates the SecurityFixes.yaml file to include
information about the CVE-2024-38797 vulnerability.
Signed-off-by: Doug Flick <DougFlick@microsoft.com>
| -rw-r--r-- | SecurityPkg/SecurityFixes.yaml | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml index b4006b42b8..06b597a43e 100644 --- a/SecurityPkg/SecurityFixes.yaml +++ b/SecurityPkg/SecurityFixes.yaml @@ -40,3 +40,18 @@ CVE_2022_36764: - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
links:
- https://bugzilla.tianocore.org/show_bug.cgi?id=4118
+CVE_2024_38797:
+ commit-titles:
+ - "SecurityPkg: Out of bound read in HashPeImageByType()"
+ - "SecurityPkg: Improving HashPeImageByType () logic"
+ - "SecurityPkg: Improving SecureBootConfigImpl:HashPeImageByType () logic"
+ cve: CVE-2024-38797
+ date_reported: 2024-06-04 12:00 UTC
+ description: Out of bound read in HashPeImageByType()
+ note:
+ files_impacted:
+ - SecurityPkg\Library\DxeImageVerificationLib\DxeImageVerificationLib.c
+ - SecurityPkg\VariableAuthenticated\SecureBootConfigDxe\SecureBootConfigImpl.c
+ links:
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=2214
+ - https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
|