From: "Doug Flick via groups.io" <dougflick=microsoft.com@groups.io>
To: devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH 0/3] [edk2-stable202402] Corrects additional concern in NetworkPkg
Date: Mon, 12 Feb 2024 09:14:58 -0800
Message-ID: <CAFV7jSX-DyvqqJ5QkBZaCOzek1yhwHGoDSa8nib_bk=jaGFqoA@mail.gmail.com>
In-Reply-To: <cover.1707534069.git.doug.edk2@gmail.com>
Additional details requested for why this change should go in this
release after the code freeze.
1. The additional security concern refers to 4673 – edk2/NetworkPkg:
Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6
Advertise message (tianocore.org). Which was seen as:
"[...] this is very closely related to CVE-2023-45229, which is
already public, see no need to embargo. Making this BZ public.
CVE-2023-45229 was very recently mitigated under BZ 4518. We will fix
this as an enhancement to the patches for BZ 4518."
While no PoC exists for this bug, out of an abundance of caution, it's
critical that this "enhancement" make it into the release.
2. Corrects an incorrect offset
- StsCode = NTOHS (ReadUnaligned16 ((UINT16
*)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
+ StsCode = NTOHS (ReadUnaligned16 ((UINT16
*)(DHCP6_OFFSET_OF_STATUS_CODE (Option))));
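Review bot: the `+` line's ReadUnaligned16 at DHCP6_OFFSET_OF_STATUS_CODE (Option) should be guarded by a check that the option's length covers the two-byte status-code field, and no such check is visible in these lines; please confirm it exists in the full hunk or add one before the read. Because the `-` line passed the option-length offset to the same read, StsCode previously held the length value, so it is also worth confirming that later comparisons on StsCode behave as intended now that it holds the real status code.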
3. Adds the additional commits to a security yaml file so downstream
consumers may find the commits and ensure they have the patches - or
have the commits so they can cherry-pick them appropriately.
On Fri, Feb 9, 2024 at 6:04 PM Douglas Flick [MSFT] <doug.edk2@gmail.com> wrote:
>
> After talking with Michael Kinney, I was advised to resend
> these with edk2-stable202402, and CC Stewards.
>
> These patches are time sensitive and need reviews.
>
> This patch series corrects an additional security concern
> found in Dhc6Dxe related to CVE-2023-45229.
>
> Additionally this fixes some issues on the mailing list
> that were not pulled in before merging into Edk2.
>
> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Leif Lindholm <quic_llindhol@quicinc.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>
> Doug Flick (3):
> [edk2-stable202402] NetworkPkg: Dhcp6Dxe: SECURITY PATCH
> CVE-2023-45229 Related Patch
> [edk2-stable202402] NetworkPkg: Dhcp6Dxe: Additional Code Cleanup
> [edk2-stable202402] NetworkPkg: : Updating SecurityFixes.yaml
>
> NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 232 +++++++++++++++++------------
> NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 20 +--
> NetworkPkg/SecurityFixes.yaml | 1 +
> 3 files changed, 141 insertions(+), 112 deletions(-)
>
> --
> 2.43.0