REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
Patch branch: 
https://github.com/jwang36/edk2/tree/fix-bz1608-bypass-blacklist-check-via-signature

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Chao Zhang <chao.b.zh...@intel.com>

Jian J Wang (8):
  SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0
    per DBX(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: fix wrong fetching dbx in
    IsAllowedByDb(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching dbx in
    IsAllowedByDb(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching code in
    IsAllowedByDb(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error and search
    result in IsCertHashFoundInDatabase(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: tighten default result of
    IsForbiddenByDbx()(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error and search
    result in IsSignatureFoundInDatabase(CVE-2019-14575)

Laszlo Ersek (1):
  SecurityPkg/DxeImageVerificationLib: plug Data leak in
    IsForbiddenByDbx()(CVE-2019-14575)

 .../DxeImageVerificationLib.c                 | 283 ++++++++++++------
 1 file changed, 191 insertions(+), 92 deletions(-)

-- 
2.24.0.windows.2

