[edk2-devel] [PATCH 00/14] Security Patches for EDK II Network Stack

Tue, 23 Jan 2024 21:20:35 -0800 

The security patches contained in this series with the exception of
"MdePkg/Test: Add gRT_GetTime Google Test Mock" and
"NetworkPkg: : Adds a SecurityFix.yaml file" have been reviewed
during GHSA-hc6x-cw6p-gj7h infosec review.

This patch series contains the following security patches for the
security vulnerabilities found by QuarksLab in the EDK II Network
Stack:

CVE-2023-45229
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

CVE-2023-45230
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds 
 of a Memory Buffer

CVE-2023-45231
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

CVE-2023-45232
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2023-45233
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2023-45234
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
 of a Memory Buffer

CVE-2023-45235
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
 of a Memory Buffer

NetworkPkg:
Cc: Saloni Kasbekar <saloni.kasbe...@intel.com>
Cc: Zachary Clark-williams <zachary.clark-willi...@intel.com>

MdePkg:
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang....@intel.com>

Doug Flick (8):
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Patch
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Unit Tests
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests

Douglas Flick [MSFT] (6):
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests
  MdePkg: Test: Add gRT_GetTime Google Test Mock
  NetworkPkg: : Adds a SecurityFix.yaml file

 NetworkPkg/Test/NetworkPkgHostTest.dsc        | 105 +++
 .../GoogleTest/Dhcp6DxeGoogleTest.inf         |  44 +
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf    |  44 +
 .../GoogleTest/UefiPxeBcDxeGoogleTest.inf     |  48 +
 .../Library/MockUefiRuntimeServicesTableLib.h |   7 +
 NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h               | 143 +++
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h            |  78 +-
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h   |  58 ++
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h   |  40 +
 NetworkPkg/Ip6Dxe/Ip6Option.h                 |  89 ++
 .../GoogleTest/PxeBcDhcp6GoogleTest.h         |  68 ++
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h          |  17 +
 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c                 | 612 ++++++++-----
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c            | 373 ++++++--
 NetworkPkg/Ip6Dxe/Ip6Option.c                 |  84 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c          | 148 ++-
 .../MockUefiRuntimeServicesTableLib.cpp       |   5 +-
 .../GoogleTest/Dhcp6DxeGoogleTest.cpp         |  20 +
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 839 ++++++++++++++++++
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp    |  20 +
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 411 +++++++++
 NetworkPkg/NetworkPkg.ci.yaml                 | 118 ++-
 NetworkPkg/SecurityFixes.yaml                 | 123 +++
 .../GoogleTest/PxeBcDhcp6GoogleTest.cpp       | 574 ++++++++++++
 .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp     |  19 +
 25 files changed, 3686 insertions(+), 401 deletions(-)
 create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
 create mode 100644 
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
 create mode 100644 NetworkPkg/SecurityFixes.yaml
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
 create mode 100644 
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp

-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114252): https://edk2.groups.io/g/devel/message/114252
Mute This Topic: https://groups.io/mt/103926729/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to