On Thu, May 30, 2024 at 10:49:25AM GMT, Michael Brown wrote:
> On 30/05/2024 11:33, Gerd Hoffmann wrote:
> > Most likely it is exactly this ...
> >
> > > As of commit
> > > https://github.com/ipxe/ipxe/commit/6769a7c3c, we now deliberately leak
> > > resources once ExitBootServices has been trigge
On 30/05/2024 11:33, Gerd Hoffmann wrote:
Most likely it is exactly this ...
As of commit
https://github.com/ipxe/ipxe/commit/6769a7c3c, we now deliberately leak
resources once ExitBootServices has been triggered by skipping the cleanup
calls to UninstallMultipleProtocolInterfaces etc.
... as
On Thu, May 30, 2024 at 10:08:26AM GMT, Michael Brown wrote:
> iPXE shouldn't be triggering any protocol installations in response to
> ExitBootServices.
>
> We used to make a good-faith effort to clean up gracefully by uninstalling
> protocols. This ended up exposing so many bugs in EDK2 and thi
On 30/05/2024 10:31, Gerd Hoffmann wrote:
On Thu, May 30, 2024 at 01:07:45PM GMT, gaoliming via groups.io wrote:
If ASSERT trigs the exception, could call stack show each caller?
Turned out to be ipxe, apparently it has a exit-boot-services handler
which triggers all this.
iPXE shouldn't be
On Thu, May 30, 2024 at 01:07:45PM GMT, gaoliming via groups.io wrote:
> If ASSERT trigs the exception, could call stack show each caller?
Turned out to be ipxe, apparently it has a exit-boot-services handler
which triggers all this.
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: Y
If ASSERT trigs the exception, could call stack show each caller?
Thanks
Liming
> -邮件原件-
> 发件人: Gerd Hoffmann
> 发送时间: 2024年5月29日 21:09
> 收件人: devel@edk2.groups.io; dougfl...@microsoft.com
> 抄送: Liming Gao ; Ard Biesheuvel
>
> 主题: Re: [edk2-devel] [PATCH v3 00/20]
On Thu, May 23, 2024 at 10:44:52PM GMT, Doug Flick via groups.io wrote:
>
> REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
>
> This patch series patches the following CVEs:
> - CVE-2023-45236: Predictable TCP Initial Sequence Numbers
> -
Doug:
What’s impact if no EFI_HASH2_PROTOCOL? Does network boot work or not?
Thanks
Liming
发件人: devel@edk2.groups.io 代表 Doug Flick via groups.io
发送时间: 2024年5月25日 0:51
收件人: gaoliming ; devel@edk2.groups.io
主题: Re: [edk2-devel] 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg:
CVE-2023-45236
To be clear, it requires EFI_RNG_PROTOCOL and EFI_HASH2_PROTOCOL. Both should
be mentioned in the release notes
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119260): https://edk2.groups.io/g/devel/message/119260
Mute This Topic: https:
收件人: devel@edk2.groups.io; kra...@redhat.com; 'Ard Biesheuvel'
>
> 抄送: dougfl...@microsoft.com; 'Michael D Kinney'
> ; 'Andrew Fish' ;
> quic_llind...@quicinc.com
> 主题: 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
&
@edk2.groups.io; gaolim...@byosoft.com.cn;
> dougfl...@microsoft.com; Michael D Kinney ;
> Andrew Fish ; quic_llind...@quicinc.com
> 主题: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
> On Fri, May 24, 2024 at 11:41:04AM GMT, Ard Biesheuvel wro
On Fri, May 24, 2024 at 11:41:04AM GMT, Ard Biesheuvel wrote:
> On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
> wrote:
> >
> > Ard:
> > Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that includes
> > 20 commits. You can check them.
> >
>
> This looks fine to me in princip
On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
wrote:
>
> Ard:
> Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that includes
> 20 commits. You can check them.
>
This looks fine to me in principle.
Reviewed-by: Ard Biesheuvel
However, IIUC, the impact of this series is t
a...@redhat.com; Michael D Kinney
> ; Andrew Fish ;
> quic_llind...@quicinc.com
> 主题: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
> On Fri, 24 May 2024 at 09:01, gaoliming via groups.io
> wrote:
> >
> > Ard and Gerd:
On Fri, 24 May 2024 at 09:01, gaoliming via groups.io
wrote:
>
> Ard and Gerd:
> Doug updated this patch set based on your suggestion. Could you give
> reviewed-by or acked-by for the changes in OvmfPkg and ArmVirtPkg if you
> have no other comments?
>
I see ~60 patches from Doug, seemingly 3 c
年5月24日 13:45
> 收件人: devel@edk2.groups.io
> 抄送: Liming Gao
> 主题: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
>
>
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-
edk-ii-
> ipv6-network-stack.html
>
> Th
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
In order to patch the
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
In order to patch thes
18 matches
Mail list logo