Hi Steve,

I am afraid the issue was caused by CR ("^M") in the ovmf source code.

The source of ovmf uses CR (^M) as the newline; we should use 'git am --keep-cr
xxxx.patch' to apply the patch,
otherwise do_patch fails.

But I do not know how you apply the patch to your build or via patchtest
automatically; do you use git am with the option --keep-cr?


//Hongxu
________________________________
From: Steve Sakoman <st...@sakoman.com>
Sent: Thursday, November 28, 2024 2:24 AM
To: Jia, Hongxu <hongxu....@windriver.com>
Cc: openembedded-core@lists.openembedded.org 
<openembedded-core@lists.openembedded.org>
Subject: Re: [scarthgap][PATCH V2 1/2] ovmf: fix CVE-2024-38796

I'm also getting build time errors on the scarthgap version (also
seems to be line ending related):

https://errors.yoctoproject.org/Errors/Details/836555/

Steve

On Mon, Nov 25, 2024 at 7:26 PM Hongxu Jia <hongxu....@windriver.com> wrote:
>
> Backport fix from upstream to resolve CVE-2024-38796
>
>   
> https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65
>
> Signed-off-by: Hongxu Jia <hongxu....@windriver.com>
> ---
>  ...-Fix-overflow-issue-in-BasePeCoffLib.patch | 36 +++++++++++++++++++
>  meta/recipes-core/ovmf/ovmf_git.bb            |  1 +
>  2 files changed, 37 insertions(+)
>  create mode 100644 
> meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
>
> diff --git 
> a/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
>  
> b/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
> new file mode 100644
> index 0000000000..c6e15c5069
> --- /dev/null
> +++ 
> b/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
> @@ -0,0 +1,36 @@
> +From 5f7bd3f3c4747d5bb2733f017f8c5b93b63a74e3 Mon Sep 17 00:00:00 2001
> +From: Doug Flick <dougfl...@microsoft.com>
> +Date: Fri, 22 Nov 2024 13:03:33 +0800
> +Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
> +
> +The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
> +also a UINT32 value. The current code does not check for overflow when
> +adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
> +check to ensure that the addition does not overflow.
> +
> +Signed-off-by: Doug Flick <dougfl...@microsoft.com>
> +Authored-by: sriraamx gobichettipalayam <sr...@intel.com>
> +
> +CVE: CVE-2024-38796
> +Upstream-Status: Backport 
> [https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65]
> +Signed-off-by: Hongxu Jia <hongxu....@windriver.com>
> +---
> + MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c 
> b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
> +index 86ff2e7..128090d 100644
> +--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
> ++++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
> +@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
> +     RelocDir = &Hdr.Te->DataDirectory[0];
> +   }
> +
> +-  if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
> ++  if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < 
> MAX_UINT32 - RelocDir->VirtualAddress)) {
> +     RelocBase    = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress 
> (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
> +     RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
> +                                                   ImageContext,
> +--
> +2.34.1
> +
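Review bot: In the PeCoffLoaderRelocateImage hunk, the new bound `RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress` is folded into the existing `if`, so a relocation directory that fails it takes whatever path the code already takes for `RelocDir == NULL` or `Size == 0` rather than a distinct error path. The arithmetic itself holds, since `RelocDir->Size > 0` is tested first and `Size - 1` cannot wrap, but the commit message should state that treating an overflowing directory like an absent one is the intended outcome. Separately, the replies in this thread attribute the do_patch failure to CR line endings in the target source, so the recipe's copy of this embedded patch has to keep them on its hunk lines.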
> diff --git a/meta/recipes-core/ovmf/ovmf_git.bb 
> b/meta/recipes-core/ovmf/ovmf_git.bb
> index 35ca8d1834..cc2ac4268c 100644
> --- a/meta/recipes-core/ovmf/ovmf_git.bb
> +++ b/meta/recipes-core/ovmf/ovmf_git.bb
> @@ -24,6 +24,7 @@ SRC_URI = 
> "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
>             
> file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
>             file://0003-debug-prefix-map.patch \
>             file://0004-reproducible.patch \
> +           file://0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch \
>             "
>
>  PV = "edk2-stable202402"
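Review bot: In the SRC_URI hunk the new entry carries the prefix `0001-` but is listed after `0004-reproducible.patch`, while the visible entries run 0002 to 0004, so the numeric prefix no longer matches the listed order. Consider renaming the file to continue the sequence, or note in the recipe that the prefix comes from the upstream format-patch output and does not indicate ordering.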
> --
> 2.25.1
>
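The line-ending issue raised in this thread, as an added example that is not part of the original messages or of the OpenEmbedded tooling: it counts CRLF-terminated hunk lines per file in a patch and shows them disappearing once CRs are stripped, which is the condition `--keep-cr` avoids. The sample patch, its paths and all function names are constructed for illustration, and `strip_cr` is a simplified model of that stripping.

```python
import re

# Constructed sample: an outer patch adding a recipe patch file whose inner
# hunk lines end in CRLF. Paths and contents are made up for illustration.
SAMPLE = (
    b"diff --git a/recipe/fix.patch b/recipe/fix.patch\n"
    b"new file mode 100644\n"
    b"--- /dev/null\n"
    b"+++ b/recipe/fix.patch\n"
    b"@@ -0,0 +1,6 @@\n"
    b"+--- a/Lib/Loader.c\n"
    b"++++ b/Lib/Loader.c\n"
    b"+@@ -1,3 +1,3 @@\n"
    b"+ context line\r\n"
    b"+-  if (Size > 0) {\r\n"
    b"++  if (Size > 0 && Size - 1 < MAX - Base) {\r\n"
)
HUNK = re.compile(rb"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def cr_report(patch: bytes) -> dict:
    """Map each target file to [crlf_lines, lf_lines] over its hunk bodies."""
    report, current, old_left, new_left = {}, None, 0, 0
    for line in patch.split(b"\n"):
        if old_left > 0 or new_left > 0:      # inside a hunk body
            tag = line[:1]
            if tag in (b" ", b"-"):
                old_left -= 1
            if tag in (b" ", b"+"):
                new_left -= 1
            if tag in (b" ", b"+", b"-"):
                report[current][0 if line.endswith(b"\r") else 1] += 1
        elif line.startswith(b"+++ "):        # file header outside a hunk
            current = line[4:].rstrip(b"\r").decode(errors="replace")
            report.setdefault(current, [0, 0])
        elif current is not None and (m := HUNK.match(line)):
            old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
    return report

def strip_cr(patch: bytes) -> bytes:
    """Model of the CR removal applied when a mail is split without --keep-cr."""
    return patch.replace(b"\r\n", b"\n")

def needs_keep_cr(patch: bytes) -> bool:
    """True if any hunk body line carries a CR that must survive application."""
    return any(crlf for crlf, _ in cr_report(patch).values())

if __name__ == "__main__":
    print("as written:", cr_report(SAMPLE), needs_keep_cr(SAMPLE))
    print("CR stripped:", cr_report(strip_cr(SAMPLE)), needs_keep_cr(strip_cr(SAMPLE)))
```

A mixed count for a `.patch` file, as in the sample, is expected when the embedded patch has LF headers and CRLF hunk lines; an all-LF count after transport means the CRs were lost.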