diff options
author | Douglas Flick [MSFT] <doug.edk2@gmail.com> | 2024-01-12 02:16:03 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-01-16 07:56:38 +0000 |
commit | 1ddcb9fc6b4164e882687b031e8beacfcf7df29e (patch) | |
tree | 92566427fc078b0e7098b3eb32fe46af3a1eb724 /SecurityPkg | |
parent | 4776a1b39ee08fc45c70c1eab5a0195f325000d3 (diff) | |
download | edk2-1ddcb9fc6b4164e882687b031e8beacfcf7df29e.zip edk2-1ddcb9fc6b4164e882687b031e8beacfcf7df29e.tar.gz edk2-1ddcb9fc6b4164e882687b031e8beacfcf7df29e.tar.bz2 |
SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml
This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg')
-rw-r--r-- | SecurityPkg/SecurityFixes.yaml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml new file mode 100644 index 0000000..f9e3e7b --- /dev/null +++ b/SecurityPkg/SecurityFixes.yaml @@ -0,0 +1,22 @@ +## @file
+# Security Fixes for SecurityPkg
+#
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+CVE_2022_36763:
+ commit_titles:
+ - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
+ - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
+ - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
+ cve: CVE-2022-36763
+ date_reported: 2022-10-25 11:31 UTC
+ description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
+ note: This patch is related to and supersedes TCBZ2168
+ files_impacted:
+ - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
+ - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+ links:
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
|