From 2794a967f43f2bbdfcd2cb5197ac8cad4b13c3de Mon Sep 17 00:00:00 2001 From: Jon Maloy Date: Wed, 17 Jan 2024 12:20:52 -0500 Subject: [PATCH 08/17] SecurityPkg: Adding CVE 2022-36763 to SecurityFixes.yaml RH-Author: Jon Maloy RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable() RH-Jira: RHEL-21154 RHEL-21156 RH-Acked-by: Laszlo Ersek RH-Commit: [8/13] 74117caf760e403566f6511332b2c0f41483f28c (jmaloy/jons_fork) JIRA: https://issues.redhat.com/browse/RHEL-21154 Upstream: Merged CVE: CVE-2022-36763 commit 1ddcb9fc6b4164e882687b031e8beacfcf7df29e Author: Douglas Flick [MSFT] Date: Fri Jan 12 02:16:03 2024 +0800 SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml This creates / adds a security file that tracks the security fixes found in this package and can be used to find the fixes that were applied. Cc: Jiewen Yao Signed-off-by: Doug Flick [MSFT] Reviewed-by: Jiewen Yao Signed-off-by: Jon Maloy --- SecurityPkg/SecurityFixes.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 SecurityPkg/SecurityFixes.yaml diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml new file mode 100644 index 0000000000..f9e3e7be74 --- /dev/null +++ b/SecurityPkg/SecurityFixes.yaml @@ -0,0 +1,22 @@ +## @file +# Security Fixes for SecurityPkg +# +# Copyright (c) Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent +## +CVE_2022_36763: + commit_titles: + - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763" + - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763" + - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml" + cve: CVE-2022-36763 + date_reported: 2022-10-25 11:31 UTC + description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable() + note: This patch is related to and supersedes TCBZ2168 + files_impacted: + - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c + - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4117 + - https://bugzilla.tianocore.org/show_bug.cgi?id=2168 + - https://bugzilla.tianocore.org/show_bug.cgi?id=1990 -- 2.41.0