edk2.git - Cross-platform firmware development environment

diff options

author	Gua Guo <gua.guo@intel.com>	2024-01-11 13:03:26 +0800
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-01-26 03:40:09 +0000
commit	9a75b030cf27d2530444e9a2f9f11867f79bf679 (patch)
tree	0742cfee2485f31d28654af71c1d3ba3ec5428ee /License-History.txt
parent	aeaee8944f0eaacbf4cdf39279785b9ba4836bb6 (diff)
download	edk2-9a75b030cf27d2530444e9a2f9f11867f79bf679.tar.gz edk2-9a75b030cf27d2530444e9a2f9f11867f79bf679.tar.bz2 edk2-9a75b030cf27d2530444e9a2f9f11867f79bf679.zip

StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166 Fix integer overflow in various CreateHob instances. Fixes: CVE-2022-36765 The CreateHob() function aligns the requested size to 8 performing the following operation: ``` HobLength = (UINT16)((HobLength + 0x7) & (~0x7)); ``` No checks are performed to ensure this value doesn't overflow, and could lead to CreateHob() returning a smaller HOB than requested, which could lead to OOB HOB accesses. Reported-by: Marc Beatove <mbeatove@google.com> Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: John Mathew <john.mathews@intel.com> Authored-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gua Guo <gua.guo@intel.com>

Diffstat (limited to 'License-History.txt')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: