* Tue Oct 29 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.4

- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60830]
- Resolves: RHEL-60830
  (CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z])
This commit is contained in:
Jon Maloy 2024-10-29 10:02:10 -04:00
parent fe4d8ec127
commit f97b5169d8
2 changed files with 71 additions and 1 deletions

View File

@ -0,0 +1,63 @@
From 30da4837584643c637eea751dbb01e0718fa764d Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Mon, 21 Oct 2024 14:45:37 -0400
Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 96: MdePkg: Fix overflow issue in BasePeCoffLib
RH-Jira: RHEL-60830
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 5406406ac2711215ec2bd3d9c1a2e6bb268dda38 (jmaloy/jons_fork)
JIRA: https://issues.redhat.com/browse/RHEL-60830
CVE: CVE-2024-38796
Upstream: Merged
commit c95233b8525ca6828921affd1496146cff262e65
Author: Doug Flick <dougflick@microsoft.com>
Date: Fri Sep 27 12:08:55 2024 -0700
MdePkg: Fix overflow issue in BasePeCoffLib
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 1102833b94..6b1ccc7217 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -991,13 +991,14 @@ PeCoffLoaderRelocateImage (
RelocDir = &Hdr.Te->DataDirectory[0];
}
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
- RelocBase = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
- RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext,
- RelocDir->VirtualAddress + RelocDir->Size - 1,
- TeStrippedOffset
- );
- if (RelocBase == NULL || RelocBaseEnd == NULL || (UINTN) RelocBaseEnd < (UINTN) RelocBase) {
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
+ RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
+ RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
+ ImageContext,
+ RelocDir->VirtualAddress + RelocDir->Size - 1,
+ TeStrippedOffset
+ );
+ if ((RelocBase == NULL) || (RelocBaseEnd == NULL) || ((UINTN)RelocBaseEnd < (UINTN)RelocBase)) {
ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
return RETURN_LOAD_ERROR;
}
--
2.45.2

View File

@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2 Name: edk2
Version: %{GITDATE}git%{GITCOMMIT} Version: %{GITDATE}git%{GITCOMMIT}
Release: 13%{?dist}.3 Release: 13%{?dist}.4
Summary: UEFI firmware for 64-bit virtual machines Summary: UEFI firmware for 64-bit virtual machines
Group: Applications/Emulators Group: Applications/Emulators
License: BSD-2-Clause-Patent and OpenSSL and MIT License: BSD-2-Clause-Patent and OpenSSL and MIT
@ -386,6 +386,8 @@ Patch114: edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
Patch115: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch Patch115: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
# For RHEL-53009 - No http boot support on edk2-ovmf-20231122-6.el9_4.2 [rhel-8.10.z] # For RHEL-53009 - No http boot support on edk2-ovmf-20231122-6.el9_4.2 [rhel-8.10.z]
Patch116: edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch Patch116: edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
# For RHEL-60830 - CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z]
Patch117: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
# python3-devel and libuuid-devel are required for building tools. # python3-devel and libuuid-devel are required for building tools.
@ -832,6 +834,11 @@ true
%endif %endif
%changelog %changelog
* Tue Oct 29 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.4
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60830]
- Resolves: RHEL-60830
(CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z])
* Mon Aug 26 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.3 * Mon Aug 26 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.3
- edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-53009] - edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-53009]
- Resolves: RHEL-53009 - Resolves: RHEL-53009