Gua Guo 9a75b030cf StandaloneMmPkg/Hob: Integer Overflow in CreateHob() ... REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166 Fix integer overflow in various CreateHob instances. Fixes: CVE-2022-36765 The CreateHob() function aligns the requested size to 8 performing the following operation: ``` HobLength = (UINT16)((HobLength + 0x7) & (~0x7)); ``` No checks are performed to ensure this value doesn't overflow, and could lead to CreateHob() returning a smaller HOB than requested, which could lead to OOB HOB accesses. Reported-by: Marc Beatove <mbeatove@google.com> Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: John Mathew <john.mathews@intel.com> Authored-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gua Guo <gua.guo@intel.com>		2024-01-26 03:40:09 +00:00
..
Core	StandaloneMmPkg/Core: Remove optimization for depex evaluation	2024-01-23 18:26:25 +00:00
Drivers/StandaloneMmCpu	StandaloneMmPkg: Fix check buffer address failed issue from TF-A	2022-07-07 10:20:06 +00:00
Include	StandaloneMmPkg: Fix issue about SpPcpuSharedBufSize field	2022-07-07 10:20:06 +00:00
Library	StandaloneMmPkg/Hob: Integer Overflow in CreateHob()	2024-01-26 03:40:09 +00:00
StandaloneMmPkg.ci.yaml	StandaloneMmPkg: Update YAML to ignore specific ECC files/errors	2021-11-30 14:19:07 +00:00
StandaloneMmPkg.dec	StandaloneMmPkg/Core: Limit FwVol encapsulation section recursion	2023-12-19 09:29:07 +00:00
StandaloneMmPkg.dsc	StandaloneMmPkg: build for 32bit arm machines	2021-08-11 11:32:32 +00:00