summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHongxu Jia <hongxu.jia@windriver.com>2024-11-22 17:46:15 +0800
committerSteve Sakoman <steve@sakoman.com>2024-12-09 07:54:03 -0800
commitf11c3027f415b59731d2aff67b7fd7abd8fd7b87 (patch)
tree6ed4f3ddd9502a989f3cbe2637fc0aa7235556b9
parente8a9aac72d6336aa5e8b2782676bd6015b1c3fde (diff)
downloadpoky-f11c3027f415b59731d2aff67b7fd7abd8fd7b87.tar.gz
ovmf: fix CVE-2024-38796
Backport a fix from upstream to resolve CVE-2024-38796 https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65 (From OE-Core rev: c3d1be52b4dc18e6980bf6c3f2e2cb7fba9f986e) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat
-rw-r--r--meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch37
-rw-r--r--meta/recipes-core/ovmf/ovmf_git.bb1
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch b/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
new file mode 100644
index 0000000000..8d36bdf1c1
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
@@ -0,0 +1,37 @@
1From c4d6af8428375c0343fcfd20bf1465e6d4be4690 Mon Sep 17 00:00:00 2001
2From: Doug Flick <dougflick@microsoft.com>
3Date: Fri, 22 Nov 2024 17:44:27 +0800
4Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
5
6The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
7also a UINT32 value. The current code does not check for overflow when
8adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
9check to ensure that the addition does not overflow.
10
11Signed-off-by: Doug Flick <dougflick@microsoft.com>
12Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
13
14CVE: CVE-2024-38796
15Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65]
16
17Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
18---
19 MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
23index 6d8d9faeb8..2339b111b5 100644
24--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
25+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
26@@ -1014,7 +1014,7 @@ PeCoffLoaderRelocateImage (
27 RelocDir = &Hdr.Te->DataDirectory[0];
28 }
29
30- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
31+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
32 RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
33 RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
34 ImageContext,
35--
362.34.1
37
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 1dba709824..e626d306a4 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -53,6 +53,7 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
53 file://CVE-2022-36765-0001.patch \ 53 file://CVE-2022-36765-0001.patch \
54 file://CVE-2022-36765-0002.patch \ 54 file://CVE-2022-36765-0002.patch \
55 file://CVE-2022-36765-0003.patch \ 55 file://CVE-2022-36765-0003.patch \
56 file://0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch \
56 " 57 "
57 58
58PV = "edk2-stable202202" 59PV = "edk2-stable202202"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-18 07:28:10 +0000