[edk2-devel] [PATCH v2 00/10] Fix false negative issue in DxeImageVerificationHandler
Wang, Jian J
jian.j.wang at intel.com
Fri Feb 14 07:27:35 UTC 2020
> v2 changes:
> - Change IsCertHashFoundInDatabase to IsCertHashFoundInDbx (patch 10)
> - Update result handling for all calls to IsCertHashFoundInDatabase
>   to be consistent (patch 6)
> - Fix commit message and title length issue caught by PatchCheck tool
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
Patch branch: https://github.com/jwang36/edk2/tree/fix-bz1608-bypass-blacklist-check-via-signature-v2
Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Chao Zhang <chao.b.zhang at intel.com>

Jian J Wang (9):
  SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0
    per DBX(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: fix wrong fetch dbx in
    IsAllowedByDb(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching
    dbx(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching
    code(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error/search result
    (1)(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: tighten default
    result(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error/search result
    (2)(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase
    name(CVE-2019-14575)

Laszlo Ersek (1):
  SecurityPkg/DxeImageVerificationLib: plug Data leak in
    IsForbiddenByDbx()(CVE-2019-14575)

 .../DxeImageVerificationLib.c | 291 ++++++++++++------
 1 file changed, 198 insertions(+), 93 deletions(-)

--
2.24.0.windows.2