diff options
| author | Douglas Flick [MSFT] <doug.edk2@gmail.com> | 2024-01-12 02:16:06 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-01-16 07:56:38 +0000 |
| commit | 8f6d343ae639fba8e4b80e45257275e23083431f (patch) | |
| tree | 1b3c4f4433b0dcb129c09b4e515029d1ccf2b2e2 /SecurityPkg | |
| parent | 0d341c01eeabe0ab5e76693b36e728b8f538a40e (diff) | |
| download | edk2-8f6d343ae639fba8e4b80e45257275e23083431f.tar.gz edk2-8f6d343ae639fba8e4b80e45257275e23083431f.tar.bz2 edk2-8f6d343ae639fba8e4b80e45257275e23083431f.zip | |
SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml
This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg')
| -rw-r--r-- | SecurityPkg/SecurityFixes.yaml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml index f9e3e7be74..833fb827a9 100644 --- a/SecurityPkg/SecurityFixes.yaml +++ b/SecurityPkg/SecurityFixes.yaml @@ -20,3 +20,17 @@ CVE_2022_36763: - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
- https://bugzilla.tianocore.org/show_bug.cgi?id=2168
- https://bugzilla.tianocore.org/show_bug.cgi?id=1990
+CVE_2022_36764:
+ commit_titles:
+ - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
+ - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
+ - "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml"
+ cve: CVE-2022-36764
+ date_reported: 2022-10-25 12:23 UTC
+ description: Heap Buffer Overflow in Tcg2MeasurePeImage()
+ note:
+ files_impacted:
+ - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
+ - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+ links:
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4118
|