Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 744412 (CVE-2019-14562)

Summary: <sys-firmware/edk2-ovmf-202008: alignment overflow (CVE-2019-14562)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: mva, tamiko, virtualization
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/tianocore/edk2/commit/0b143fa43e92be15d11e22f80773bcb1b2b0608f
Whiteboard: B3 [noglsa cve]
Package list:
sys-firmware/edk2-ovmf-202008
 Runtime testing required: ---
Bug Depends on: 759298    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-09-24 01:25:43 UTC 
From commit message at $URL:

The DxeImageVerificationHandler() function currently checks whether
"SecDataDir" has enough room for "WinCertificate->dwLength". However, for
advancing "OffSet", "WinCertificate->dwLength" is aligned to the next
multiple of 8. If "WinCertificate->dwLength" is large enough, the
alignment will return 0, and "OffSet" will be stuck at the same value.

Patch is at $URL, and seems there's been a tag since that commit.
Comment 1 Larry the Git Cow gentoo-dev 2020-10-02 10:38:06 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4342ef6d64286089e4a4b25dca5b15a5edb53dca

commit 4342ef6d64286089e4a4b25dca5b15a5edb53dca
Author:     Vadim Misbakh-Soloviov <mva@gentoo.org>
AuthorDate: 2020-10-02 10:37:58 +0000
Commit:     Vadim Misbakh-Soloviov <mva@gentoo.org>
CommitDate: 2020-10-02 10:37:58 +0000

    sys-firmware/edk2-ovmf: Bump
    
    Bug: https://bugs.gentoo.org/712288
    Bug: https://bugs.gentoo.org/744412
    Bug: https://bugs.gentoo.org/734146
    Package-Manager: Portage-3.0.6, Repoman-3.0.1
    Signed-off-by: Vadim Misbakh-Soloviov <mva@gentoo.org>

 sys-firmware/edk2-ovmf/Manifest                |   5 +
 sys-firmware/edk2-ovmf/edk2-ovmf-201905.ebuild |   3 +
 sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild | 184 +++++++++++++++++++++++++
 3 files changed, 192 insertions(+)
Comment 2 Vadim A. Misbakh-Soloviov (mva) (RETIRED) gentoo-dev 2020-10-02 10:39:34 UTC 
Now we'll wait for stabilization of 202008 before closing this bug
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-10-02 19:11:37 UTC 
Ok, please do so when ready.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-11 23:43:56 UTC 
arm64 done
Comment 5 Agostino Sarubbo gentoo-dev 2020-10-13 09:28:59 UTC 
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-10-13 10:02:57 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2020-12-23 01:29:53 UTC 
GLSA Vote: No