The branches for 4.14, .15, and 4.16 are created and ready for patches to be pushed.
After the patches are merged, I'll handle the releases. Martin On Mon, Apr 25, 2022 at 11:54 PM Shawn C <shawn.ch...@hardenedvault.net> wrote: > > Nice hunt, Arthur! The attack surface in coreboot is lesser than UEFI but the > misconfig during the setup will lead to serious issue. This one is neat and > worth a CVE. Please use CVE-2022-29264 as record: > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29264 > > regards > Shawn > > > ------- Original Message ------- > On Thursday, April 7th, 2022 at 10:43 PM, Arthur Heymans > <art...@aheymans.xyz> wrote: > > > > Hi > > When refactoring the coreboot SMM setup I noticed that there is a security > > vulnerability in our SMM setup code. > > It boils down to this: except on the BSP the smihandler code will execute > > code at a random location, but most likely at offset 0. With some carefully > > crafted code a bootloader or the OS could place some code at that offset, > > generate an SMI on an AP and get control over SMM. More recent silicon has > > hardware mechanisms to avoid executing code outside the designated SMM area > > (TSEG) so those would not be affected. > > The commit introducing this problem is > > https://review.coreboot.org/c/coreboot/+/43684. > > Roughly it affects most x86 builds from end 2020/ beginning 2021 till now. > > > > https://review.coreboot.org/c/coreboot/+/63478 fixes the problem. (Feel > > free to review the rest of that series as it makes the smm setup much more > > readable ;-)) > > Kind regards > > Arthur > _______________________________________________ > coreboot mailing list -- coreboot@coreboot.org > To unsubscribe send an email to coreboot-le...@coreboot.org _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
