tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-27 07:34:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml

Browse Source 
This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Douglas Flick [MSFT] 2024-01-12 02:16:06 +08:00 committed by mergify[bot]
parent 0d341c01ee
commit 8f6d343ae6
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
SecurityPkg/SecurityFixes.yaml
View File

@ -20,3 +20,17 @@ CVE_2022_36763:
- https://bugzilla.tianocore.org/show_bug.cgi?id=4117 - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
- https://bugzilla.tianocore.org/show_bug.cgi?id=2168 - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
- https://bugzilla.tianocore.org/show_bug.cgi?id=1990 - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
CVE_2022_36764:
commit_titles:
- "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
- "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
- "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml"
cve: CVE-2022-36764
date_reported: 2022-10-25 12:23 UTC
description: Heap Buffer Overflow in Tcg2MeasurePeImage()
note:
files_impacted:
- Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
- Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
links:
- https://bugzilla.tianocore.org/show_bug.cgi?id=4118