4c4ceb2ceb
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542 Bug Overview: PixieFail Bug #9 CVE-2023-45237 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Use of a Weak PseudoRandom Number Generator Change Overview: Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either > > EFI_STATUS > EFIAPI > PseudoRandomU32 ( > OUT UINT32 *Output > ); > or (depending on the use case) > > EFI_STATUS > EFIAPI > PseudoRandom ( > OUT VOID *Output, > IN UINTN OutputLength > ); > This is because the use of Example: The following code snippet PseudoRandomU32 () function is used: > > UINT32 Random; > > Status = PseudoRandomU32 (&Random); > if (EFI_ERROR (Status)) { > DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > return Status; > } > This also introduces a new PCD to enable/disable the use of the secure implementation of algorithms for PseudoRandom () and instead depend on the default implementation. This may be required for some platforms where the UEFI Spec defined algorithms are not available. > > PcdEnforceSecureRngAlgorithms > If the platform does not have any one of the UEFI defined secure RNG algorithms then the driver will assert. Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
164 lines
7.5 KiB
YAML
164 lines
7.5 KiB
YAML
## @file
|
|
# Security Fixes for SecurityPkg
|
|
#
|
|
# Copyright (c) Microsoft Corporation
|
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
##
|
|
CVE_2023_45229:
|
|
commit_titles:
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch"
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests"
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch"
|
|
cve: CVE-2023-45229
|
|
date_reported: 2023-08-28 13:56 UTC
|
|
description: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message"
|
|
note:
|
|
files_impacted:
|
|
- NetworkPkg\Dhcp6Dxe\Dhcp6Io.c
|
|
- NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4534
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-45229
|
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
|
CVE_2023_45230:
|
|
commit_titles:
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch"
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests"
|
|
cve: CVE-2023-45230
|
|
date_reported: 2023-08-28 13:56 UTC
|
|
description: "Bug 02 - edk2/NetworkPkg: Buffer overflow in the DHCPv6 client via a long Server ID option"
|
|
note:
|
|
files_impacted:
|
|
- NetworkPkg\Dhcp6Dxe\Dhcp6Io.c
|
|
- NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4535
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-45230
|
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
|
CVE_2023_45231:
|
|
commit_titles:
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Patch"
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests"
|
|
cve: CVE-2023-45231
|
|
date_reported: 2023-08-28 13:56 UTC
|
|
description: "Bug 03 - edk2/NetworkPkg: Out-of-bounds read when handling a ND Redirect message with truncated options"
|
|
note:
|
|
files_impacted:
|
|
- NetworkPkg/Ip6Dxe/Ip6Option.c
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4536
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-45231
|
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
|
CVE_2023_45232:
|
|
commit_titles:
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch"
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests"
|
|
cve: CVE-2023-45232
|
|
date_reported: 2023-08-28 13:56 UTC
|
|
description: "Bug 04 - edk2/NetworkPkg: Infinite loop when parsing unknown options in the Destination Options header"
|
|
note:
|
|
files_impacted:
|
|
- NetworkPkg/Ip6Dxe/Ip6Option.c
|
|
- NetworkPkg/Ip6Dxe/Ip6Option.h
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4537
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-45232
|
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
|
CVE_2023_45233:
|
|
commit_titles:
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch"
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests"
|
|
cve: CVE-2023-45233
|
|
date_reported: 2023-08-28 13:56 UTC
|
|
description: "Bug 05 - edk2/NetworkPkg: Infinite loop when parsing a PadN option in the Destination Options header "
|
|
note: This was fixed along with CVE-2023-45233
|
|
files_impacted:
|
|
- NetworkPkg/Ip6Dxe/Ip6Option.c
|
|
- NetworkPkg/Ip6Dxe/Ip6Option.h
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4538
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-45233
|
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
|
CVE_2023_45234:
|
|
commit_titles:
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45234 Patch"
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45234 Unit Tests"
|
|
cve: CVE-2023-45234
|
|
date_reported: 2023-08-28 13:56 UTC
|
|
description: "Bug 06 - edk2/NetworkPkg: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message"
|
|
note:
|
|
files_impacted:
|
|
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4539
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-45234
|
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
|
CVE_2023_45235:
|
|
commit_titles:
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45235 Patch"
|
|
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45235 Unit Tests"
|
|
cve: CVE-2023-45235
|
|
date_reported: 2023-08-28 13:56 UTC
|
|
description: "Bug 07 - edk2/NetworkPkg: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message"
|
|
note:
|
|
files_impacted:
|
|
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
|
|
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4540
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-45235
|
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
|
CVE_2023_45237:
|
|
commit_titles:
|
|
- "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
|
|
cve: CVE-2023-45237
|
|
date_reported: 2023-08-28 13:56 UTC
|
|
description: "Bug 09 - Use of a Weak PseudoRandom Number Generator"
|
|
note:
|
|
files_impacted:
|
|
- NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
|
|
- NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
|
|
- NetworkPkg/DnsDxe/DnsDhcp.c
|
|
- NetworkPkg/DnsDxe/DnsImpl.c
|
|
- NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
|
|
- NetworkPkg/IScsiDxe/IScsiCHAP.c
|
|
- NetworkPkg/IScsiDxe/IScsiMisc.c
|
|
- NetworkPkg/IScsiDxe/IScsiMisc.h
|
|
- NetworkPkg/Include/Library/NetLib.h
|
|
- NetworkPkg/Ip4Dxe/Ip4Driver.c
|
|
- NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
|
|
- NetworkPkg/Ip6Dxe/Ip6Driver.c
|
|
- NetworkPkg/Ip6Dxe/Ip6If.c
|
|
- NetworkPkg/Ip6Dxe/Ip6Mld.c
|
|
- NetworkPkg/Ip6Dxe/Ip6Nd.c
|
|
- NetworkPkg/Ip6Dxe/Ip6Nd.h
|
|
- NetworkPkg/Library/DxeNetLib/DxeNetLib.c
|
|
- NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
|
|
- NetworkPkg/NetworkPkg.dec
|
|
- NetworkPkg/TcpDxe/TcpDriver.c
|
|
- NetworkPkg/Udp4Dxe/Udp4Driver.c
|
|
- NetworkPkg/Udp6Dxe/Udp6Driver.c
|
|
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
|
|
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
|
|
- NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
|
|
links:
|
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4542
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-45237
|
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|