audk/UefiPayloadPkg/UefiPayloadEntry
Gua Guo 59f024c76e UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166

Fix integer overflow in various CreateHob instances.
Fixes: CVE-2022-36765

The CreateHob() function aligns the requested size to 8,
performing the following operation:
```
HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
```

No checks are performed to ensure this value doesn't
overflow, which could lead to CreateHob() returning a smaller
HOB than requested, which could lead to OOB HOB accesses.

Reported-by: Marc Beatove <mbeatove@google.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Reviewed-by: Gua Guo <gua.guo@intel.com>
Cc: John Mathew <john.mathews@intel.com>
Authored-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
2024-01-16 23:36:08 +00:00
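The truncation described in the commit message above, as an added C example that is not code from the commit or the project. `uint16_t` stands in for `UINT16`; the `hob_arena` model, `create_hob` and the checked variant are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a HOB list: a small arena with a bump offset.
   Names and layout are assumptions for illustration only. */
struct hob_arena { size_t used, size; };

/* Alignment exactly as quoted in the commit message (uint16_t for UINT16).
   The sum is computed as int, masked, then truncated to 16 bits. */
static uint16_t align_unchecked(uint16_t len)
{
    return (uint16_t)((len + 0x7) & (~0x7));
}

/* Hypothetical checked variant: reject lengths whose round-up wraps. */
static bool align_checked(uint16_t len, uint16_t *out)
{
    if (len > UINT16_MAX - 0x7) return false;
    *out = (uint16_t)((len + 0x7) & (~0x7));
    return true;
}

/* Reserve a HOB; returns the number of bytes actually reserved, or -1. */
static long create_hob(struct hob_arena *a, uint16_t len, bool checked)
{
    uint16_t aligned;
    if (checked) {
        if (!align_checked(len, &aligned)) return -1;
    } else {
        aligned = align_unchecked(len);
    }
    if (a->size - a->used < aligned) return -1;  /* free-space test sees the aligned value */
    a->used += aligned;
    return aligned;
}

int main(void)
{
    struct hob_arena a = { 0, 64 }, b = { 0, 64 };
    /* 0xFFFF rounds up to 0x10000, which truncates to 0: the call "succeeds"
       in a 64-byte arena while reserving nothing. */
    printf("unchecked: request 0xFFFF -> reserved %ld\n", create_hob(&a, 0xFFFF, false));
    printf("checked:   request 0xFFFF -> reserved %ld\n", create_hob(&b, 0xFFFF, true));
    printf("checked:   request 0x0011 -> reserved %ld\n", create_hob(&b, 0x0011, true));
    return 0;
}
```

Only requests from 0xFFF9 through 0xFFFF wrap; 0xFFF8 is already aligned and still fits in 16 bits.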
..
Ia32 UefiPayloadPkg: Update code to be more C11 compliant by using __func__ 2023-04-10 14:19:57 +00:00
X64 UefiPayloadPkg: Fix Coverity report defect 2022-08-23 04:03:01 +00:00
AcpiTable.c UefiPayloadPkg/UefiPayloadEntry: Remove SCI enabling check 2024-01-10 01:43:54 +00:00
FitUniversalPayloadEntry.c UefiPayloadPkg/Hob: Integer Overflow in CreateHob() 2024-01-16 23:36:08 +00:00
FitUniversalPayloadEntry.inf UefiPayloadPkg: Add FIT support 2023-09-26 07:26:21 +00:00
LoadDxeCore.c
MemoryAllocation.c
PrintHob.c UefiPayloadPkg: Integrate UiApp and BootManagerMenuApp into MultiFv 2023-07-11 06:36:11 +00:00
UefiPayloadEntry.c UefiPayloadPkg: Always build MemoryTypeInformation HOB for DXE GCD 2023-04-12 11:50:30 +00:00
UefiPayloadEntry.h UefiPayloadPkg: Remove UefiCpuLib from module INFs. 2023-03-10 08:23:56 +00:00
UefiPayloadEntry.inf UefiPayloadPkg: Always build MemoryTypeInformation HOB for DXE GCD 2023-04-12 11:50:30 +00:00
UniversalPayloadEntry.c UefiPayloadPkg/Hob: Integer Overflow in CreateHob() 2024-01-16 23:36:08 +00:00
UniversalPayloadEntry.inf UefiPayloadPkg: Integrate UiApp and BootManagerMenuApp into MultiFv 2023-07-11 06:36:11 +00:00