tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/StandaloneMmPkg/Library/StandaloneMmCoreHobLib
History
Gua Guo 9a75b030cf StandaloneMmPkg/Hob: Integer Overflow in CreateHob() 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166

Fix integer overflow in various CreateHob instances.
Fixes: CVE-2022-36765

The CreateHob() function aligns the requested size to 8
performing the following operation:
```
HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
```

No checks are performed to ensure this value doesn't
overflow, and could lead to CreateHob() returning a smaller
HOB than requested, which could lead to OOB HOB accesses.

Reported-by: Marc Beatove <mbeatove@google.com>
Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: John Mathew <john.mathews@intel.com>
Authored-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
 		2024-01-26 03:40:09 +00:00
..
Arm StandaloneMmPkg/Hob: Integer Overflow in CreateHob() 2024-01-26 03:40:09 +00:00
X64 StandaloneMmPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
Common.c StandaloneMmPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
StandaloneMmCoreHobLib.inf StandaloneMmPkg: build for 32bit arm machines 2021-08-11 11:32:32 +00:00