From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hao.a.wu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.115; helo=mga14.intel.com;
 envelope-from=hao.a.wu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 4B77A2118EF7E
 for <edk2-devel@lists.01.org>; Thu, 15 Nov 2018 20:12:46 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 15 Nov 2018 20:12:46 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,239,1539673200"; d="scan'208";a="106722827"
Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.9])
 by fmsmga004.fm.intel.com with ESMTP; 15 Nov 2018 20:12:44 -0800
From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Star Zeng <star.zeng@intel.com>,
 Chao Zhang <chao.b.zhang@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
 Laszlo Ersek <lersek@redhat.com>
Date: Fri, 16 Nov 2018 12:12:40 +0800
Message-Id: <20181116041242.37604-1-hao.a.wu@intel.com>
X-Mailer: git-send-email 2.12.0.windows.1
Subject: [PATCH v2 0/2][UDK branches][CVE-2017-5753] Additional Bounds Check Bypass issue in SMI handlers
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Nov 2018 04:12:47 -0000

V2 changes:

Add the missing information in the commit message for patch 1/2.


V1 history:

The series aims to mitigate the Bounds Check Bypass (CVE-2017-5753) issues
within SMI handlers. Moreover, this series focuses on those SMI handlers
that exist on the UDK branches but not on the master branch.

Patch 1/2 will be applied on the below UDK branches:
UDK2017
UDK2015
UDK2014.SP1

Patch 2/2 will be applied on the below UDK branches:
UDK2017
UDK2015

A more detailed explanation of the purpose of the series is under the
'Bounds check bypass mitigation' section of the below link:
https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation

And the document at:
https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf

Cc: Star Zeng <star.zeng@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>

Hao Wu (2):
  MdeModulePkg/SmmCorePerfLib: [CVE-2017-5753] Fix bounds check bypass
  SecurityPkg/OpalPWSupportLib: [CVE-2017-5753] Fix bounds check bypass

 MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c  | 16 +++++++++++++++-
 SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.c |  7 ++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

-- 
2.12.0.windows.1