From 8f6d343ae639fba8e4b80e45257275e23083431f Mon Sep 17 00:00:00 2001 From: "Douglas Flick [MSFT]" Date: Fri, 12 Jan 2024 02:16:06 +0800 Subject: [PATCH] SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml This creates / adds a security file that tracks the security fixes found in this package and can be used to find the fixes that were applied. Cc: Jiewen Yao Signed-off-by: Doug Flick [MSFT] Reviewed-by: Jiewen Yao --- SecurityPkg/SecurityFixes.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml index f9e3e7be74..833fb827a9 100644 --- a/SecurityPkg/SecurityFixes.yaml +++ b/SecurityPkg/SecurityFixes.yaml @@ -20,3 +20,17 @@ CVE_2022_36763: - https://bugzilla.tianocore.org/show_bug.cgi?id=4117 - https://bugzilla.tianocore.org/show_bug.cgi?id=2168 - https://bugzilla.tianocore.org/show_bug.cgi?id=1990 +CVE_2022_36764: + commit_titles: + - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764" + - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764" + - "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml" + cve: CVE-2022-36764 + date_reported: 2022-10-25 12:23 UTC + description: Heap Buffer Overflow in Tcg2MeasurePeImage() + note: + files_impacted: + - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c + - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4118