Proxmox-Port/edk2
1
0
Fork 0
mirror of https://github.com/tianocore/edk2.git synced 2025-09-16 16:43:03 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

SecurityPkg: Update SecurityFixes.yaml for CVE-2024-38797

Browse Source 
This commit updates the SecurityFixes.yaml file to include
information about the CVE-2024-38797 vulnerability.

Signed-off-by: Doug Flick <DougFlick@microsoft.com>
This commit is contained in:
Doug Flick 2025-04-07 11:23:41 -07:00 committed by mergify[bot]
parent 025ab811fb
commit d79d8d6a8d
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
SecurityPkg/SecurityFixes.yaml
View File

@ -40,3 +40,18 @@ CVE_2022_36764:
- Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
links: links:
- https://bugzilla.tianocore.org/show_bug.cgi?id=4118 - https://bugzilla.tianocore.org/show_bug.cgi?id=4118
CVE_2024_38797:
commit-titles:
- "SecurityPkg: Out of bound read in HashPeImageByType()"
- "SecurityPkg: Improving HashPeImageByType () logic"
- "SecurityPkg: Improving SecureBootConfigImpl:HashPeImageByType () logic"
cve: CVE-2024-38797
date_reported: 2024-06-04 12:00 UTC
description: Out of bound read in HashPeImageByType()
note:
files_impacted:
- SecurityPkg\Library\DxeImageVerificationLib\DxeImageVerificationLib.c
- SecurityPkg\VariableAuthenticated\SecureBootConfigDxe\SecureBootConfigImpl.c
links:
- https://bugzilla.tianocore.org/show_bug.cgi?id=2214
- https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf