* [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob()
@ 2024-01-11 5:15 Guo, Gua
0 siblings, 0 replies; 3+ messages in thread
From: Guo, Gua @ 2024-01-11 5:15 UTC (permalink / raw)
To: devel; +Cc: gua.guo
From: Gua Guo <gua.guo@intel.com>
Fix Integer Overflow for CVE-2022-36765
1. UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
2. StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
3. EmbeddedPkg/Hob: Integer Overflow in CreateHob()
4. MdeModulePkg/Hob: Integer Overflow in CreateHob()
Gerd Hoffmann (4):
UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
EmbeddedPkg/Hob: Integer Overflow in CreateHob()
MdeModulePkg/Hob: Integer Overflow in CreateHob()
EmbeddedPkg/Library/PrePiHobLib/Hob.c | 6 ++++++
MdeModulePkg/Core/Pei/Hob/Hob.c | 2 +-
.../StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c | 6 ++++++
UefiPayloadPkg/Library/PayloadEntryHobLib/Hob.c | 6 ++++++
4 files changed, 19 insertions(+), 1 deletion(-)
--
2.39.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113576): https://edk2.groups.io/g/devel/message/113576
Mute This Topic: https://groups.io/mt/103657270/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob()
[not found] <17A9331C4FE606BC.28944@groups.io>
@ 2024-01-11 8:35 ` Guo, Gua
2024-01-11 8:43 ` Ard Biesheuvel
0 siblings, 1 reply; 3+ messages in thread
From: Guo, Gua @ 2024-01-11 8:35 UTC (permalink / raw)
To: devel@edk2.groups.io, Guo, Gua, Gerd Hoffmann, Mathews, John,
Zimmer, Vincent
Cc: ardb+tianocore@kernel.org
CC: @Mathews, John and @Zimmer, Vincent
Hi @Gerd Hoffmann
My company teammate share me your patch can resolved https://bugzilla.tianocore.org/show_bug.cgi?id=4166. So the signed-off name is your name.
If you have any concern, you can also share for me, if you don't have concern please also let me know, before merging it.
It's PR https://github.com/tianocore/edk2/pull/5252/
Thanks,
Gua
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guo, Gua
Sent: Thursday, January 11, 2024 1:15 PM
To: devel@edk2.groups.io
Cc: Guo, Gua <gua.guo@intel.com>
Subject: [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob()
From: Gua Guo <gua.guo@intel.com>
Fix Integer Overflow for CVE-2022-36765
1. UefiPayloadPkg/Hob: Integer Overflow in CreateHob() 2. StandaloneMmPkg/Hob: Integer Overflow in CreateHob() 3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() 4. MdeModulePkg/Hob: Integer Overflow in CreateHob()
Gerd Hoffmann (4):
UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
EmbeddedPkg/Hob: Integer Overflow in CreateHob()
MdeModulePkg/Hob: Integer Overflow in CreateHob()
EmbeddedPkg/Library/PrePiHobLib/Hob.c | 6 ++++++
MdeModulePkg/Core/Pei/Hob/Hob.c | 2 +-
.../StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c | 6 ++++++
UefiPayloadPkg/Library/PayloadEntryHobLib/Hob.c | 6 ++++++
4 files changed, 19 insertions(+), 1 deletion(-)
--
2.39.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113593): https://edk2.groups.io/g/devel/message/113593
Mute This Topic: https://groups.io/mt/103657270/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob()
2024-01-11 8:35 ` [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob() Guo, Gua
@ 2024-01-11 8:43 ` Ard Biesheuvel
0 siblings, 0 replies; 3+ messages in thread
From: Ard Biesheuvel @ 2024-01-11 8:43 UTC (permalink / raw)
To: devel, gua.guo; +Cc: Gerd Hoffmann, Mathews, John, Zimmer, Vincent
On Thu, 11 Jan 2024 at 09:35, Guo, Gua <gua.guo@intel.com> wrote:
>
> CC: @Mathews, John and @Zimmer, Vincent
>
> Hi @Gerd Hoffmann
>
> My company teammate share me your patch can resolved https://bugzilla.tianocore.org/show_bug.cgi?id=4166. So the signed-off name is your name.
>
Again, a signed-off-by line is *not* a statement of authorship. You
*cannot* add it on someone else's behalf if you want to credit the
author.
A signed-off-by line is a statement by the contributor of the code to
indicate that the contributed code is made available under conditions
that are in agreement with the open source license of the project.
If you want to credit the author, you can mention their name in the
commit log, or add some other tag (authored-by, for example).
If you want to contribute code by another author, and you know you are
able to do so under the terms, you should indicate so by adding your
own signed-off line to the patch.
Thanks,
Ard.
> If you have any concern, you can also share for me, if you don't have concern please also let me know, before merging it.
>
> It's PR https://github.com/tianocore/edk2/pull/5252/
>
> Thanks,
> Gua
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guo, Gua
> Sent: Thursday, January 11, 2024 1:15 PM
> To: devel@edk2.groups.io
> Cc: Guo, Gua <gua.guo@intel.com>
> Subject: [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob()
>
> From: Gua Guo <gua.guo@intel.com>
>
> Fix Integer Overflow for CVE-2022-36765
> 1. UefiPayloadPkg/Hob: Integer Overflow in CreateHob() 2. StandaloneMmPkg/Hob: Integer Overflow in CreateHob() 3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() 4. MdeModulePkg/Hob: Integer Overflow in CreateHob()
>
>
> Gerd Hoffmann (4):
> UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
> StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
> EmbeddedPkg/Hob: Integer Overflow in CreateHob()
> MdeModulePkg/Hob: Integer Overflow in CreateHob()
>
> EmbeddedPkg/Library/PrePiHobLib/Hob.c | 6 ++++++
> MdeModulePkg/Core/Pei/Hob/Hob.c | 2 +-
> .../StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c | 6 ++++++
> UefiPayloadPkg/Library/PayloadEntryHobLib/Hob.c | 6 ++++++
> 4 files changed, 19 insertions(+), 1 deletion(-)
>
> --
> 2.39.2.windows.1
>
>
>
>
>
>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113594): https://edk2.groups.io/g/devel/message/113594
Mute This Topic: https://groups.io/mt/103657270/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-01-11 8:43 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <17A9331C4FE606BC.28944@groups.io>
2024-01-11 8:35 ` [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob() Guo, Gua
2024-01-11 8:43 ` Ard Biesheuvel
2024-01-11 5:15 Guo, Gua
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox