The security patches contained in this series with the exception of "MdePkg/Test: Add gRT_GetTime Google Test Mock" and "NetworkPkg: : Adds a SecurityFix.yaml file" have been reviewed during GHSA-hc6x-cw6p-gj7h infosec review.

This patch series contains the following security patches for the security vulnerabilities found by QuarksLab in the EDK II Network Stack:

CVE-2023-45229
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

CVE-2023-45230
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-45231
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

CVE-2023-45232
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2023-45233
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2023-45234
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-45235
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

NetworkPkg:
Cc: Saloni Kasbekar <saloni.kasbe...@intel.com>
Cc: Zachary Clark-williams <zachary.clark-willi...@intel.com>

MdePkg:
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang....@intel.com>

Doug Flick (8):
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Patch
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Unit Tests
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests

Douglas Flick [MSFT] (6):
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests
  MdePkg: Test: Add gRT_GetTime Google Test Mock
  NetworkPkg: : Adds a SecurityFix.yaml file

 NetworkPkg/Test/NetworkPkgHostTest.dsc | 105 +++
 .../GoogleTest/Dhcp6DxeGoogleTest.inf | 44 +
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | 44 +
 .../GoogleTest/UefiPxeBcDxeGoogleTest.inf | 48 +
 .../Library/MockUefiRuntimeServicesTableLib.h | 7 +
 NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 143 +++
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h | 78 +-
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h | 58 ++
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | 40 +
 NetworkPkg/Ip6Dxe/Ip6Option.h | 89 ++
 .../GoogleTest/PxeBcDhcp6GoogleTest.h | 68 ++
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h | 17 +
 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 612 ++++++++-----
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 373 ++++++--
 NetworkPkg/Ip6Dxe/Ip6Option.c | 84 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 148 ++-
 .../MockUefiRuntimeServicesTableLib.cpp | 5 +-
 .../GoogleTest/Dhcp6DxeGoogleTest.cpp | 20 +
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 839 ++++++++++++++++++
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp | 20 +
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 411 +++++++++
 NetworkPkg/NetworkPkg.ci.yaml | 118 ++-
 NetworkPkg/SecurityFixes.yaml | 123 +++
 .../GoogleTest/PxeBcDhcp6GoogleTest.cpp | 574 ++++++++++++
 .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp | 19 +
 25 files changed, 3686 insertions(+), 401 deletions(-)
 create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
 create mode 100644 NetworkPkg/SecurityFixes.yaml
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp

--
2.43.0