* Tue Oct 29 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.4
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60830] - Resolves: RHEL-60830 (CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z])
This commit is contained in:
Jon Maloy
parent
fe4d8ec127
commit
f97b5169d8
63
edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
Normal file
63
edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
Normal file
@ -0,0 +1,63 @@
|
||||
From 30da4837584643c637eea751dbb01e0718fa764d Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Mon, 21 Oct 2024 14:45:37 -0400
|
||||
Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 96: MdePkg: Fix overflow issue in BasePeCoffLib
|
||||
RH-Jira: RHEL-60830
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [1/1] 5406406ac2711215ec2bd3d9c1a2e6bb268dda38 (jmaloy/jons_fork)
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-60830
|
||||
CVE: CVE-2024-38796
|
||||
Upstream: Merged
|
||||
|
||||
commit c95233b8525ca6828921affd1496146cff262e65
|
||||
Author: Doug Flick <dougflick@microsoft.com>
|
||||
Date: Fri Sep 27 12:08:55 2024 -0700
|
||||
|
||||
MdePkg: Fix overflow issue in BasePeCoffLib
|
||||
|
||||
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
|
||||
also a UINT32 value. The current code does not check for overflow when
|
||||
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
|
||||
check to ensure that the addition does not overflow.
|
||||
|
||||
Signed-off-by: Doug Flick <dougflick@microsoft.com>
|
||||
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 15 ++++++++-------
|
||||
1 file changed, 8 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
|
||||
index 1102833b94..6b1ccc7217 100644
|
||||
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
|
||||
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
|
||||
@@ -991,13 +991,14 @@ PeCoffLoaderRelocateImage (
|
||||
RelocDir = &Hdr.Te->DataDirectory[0];
|
||||
}
|
||||
|
||||
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
|
||||
- RelocBase = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
|
||||
- RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext,
|
||||
- RelocDir->VirtualAddress + RelocDir->Size - 1,
|
||||
- TeStrippedOffset
|
||||
- );
|
||||
- if (RelocBase == NULL || RelocBaseEnd == NULL || (UINTN) RelocBaseEnd < (UINTN) RelocBase) {
|
||||
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
|
||||
+ RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
|
||||
+ RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
|
||||
+ ImageContext,
|
||||
+ RelocDir->VirtualAddress + RelocDir->Size - 1,
|
||||
+ TeStrippedOffset
|
||||
+ );
|
||||
+ if ((RelocBase == NULL) || (RelocBaseEnd == NULL) || ((UINTN)RelocBaseEnd < (UINTN)RelocBase)) {
|
||||
ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
|
||||
return RETURN_LOAD_ERROR;
|
||||
}
|
||||
--
|
||||
2.45.2
|
||||
|
||||
@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64
|
||||
|
||||
Name: edk2
|
||||
Version: %{GITDATE}git%{GITCOMMIT}
|
||||
Release: 13%{?dist}.3
|
||||
Release: 13%{?dist}.4
|
||||
Summary: UEFI firmware for 64-bit virtual machines
|
||||
Group: Applications/Emulators
|
||||
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
||||
@ -386,6 +386,8 @@ Patch114: edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
|
||||
Patch115: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
|
||||
# For RHEL-53009 - No http boot support on edk2-ovmf-20231122-6.el9_4.2 [rhel-8.10.z]
|
||||
Patch116: edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
|
||||
# For RHEL-60830 - CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z]
|
||||
Patch117: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
|
||||
|
||||
|
||||
# python3-devel and libuuid-devel are required for building tools.
|
||||
@ -832,6 +834,11 @@ true
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Oct 29 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.4
|
||||
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60830]
|
||||
- Resolves: RHEL-60830
|
||||
(CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z])
|
||||
|
||||
* Mon Aug 26 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.3
|
||||
- edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-53009]
|
||||
- Resolves: RHEL-53009
|
||||
|
||||
Loading…
Reference in New Issue
Block a user