sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml

Browse Source 
This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Douglas Flick [MSFT]
2024-01-12 02:16:03 +08:00
committed by mergify[bot]
parent 4776a1b39e
commit 1ddcb9fc6b
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
SecurityPkg/SecurityFixes.yaml Normal file
View File

@@ -0,0 +1,22 @@
## @file
# Security Fixes for SecurityPkg
#
# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
CVE_2022_36763:
commit_titles:
- "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
- "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
- "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
cve: CVE-2022-36763
date_reported: 2022-10-25 11:31 UTC
description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
note: This patch is related to and supersedes TCBZ2168
files_impacted:
- Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
- Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
links:
- https://bugzilla.tianocore.org/show_bug.cgi?id=4117
- https://bugzilla.tianocore.org/show_bug.cgi?id=2168
- https://bugzilla.tianocore.org/show_bug.cgi?id=1990