EDK II CVE information
John Mathews edited this page Sep 12, 2024 · 2 revisions
- Bugzilla: BZ 4542
- GHSA-hc6x-cw6p-gj7h
- Stable Tag where fixed: 202405
- Commit(s) where fixed: Push #5582: available WW21 (12 applicable commits for Intel-based platforms)
- Important: Due to new DEPEXs added in NetworkPkg to DxeNetLib.inf (gEfiRngProtocolGuid) and TcpDxe.inf (gEfiHash2ServiceBindingProtocolGuid), please ensure your platform has RngDxe.inf and Hash2CryptoDxe.inf included in your FDF/DSC files for full Network functionality.
- Note: NetworkPkg Bug 09
- Note: Adds new platform dependency (See Update Note and Edk2 Devel #119227)
- Bugzilla: BZ 4541
- GHSA-hc6x-cw6p-gj7h
- Stable Tag where fixed: 202405
- Commit(s) where fixed: Push #5582: available WW21 (12 applicable commits for Intel-based platforms)
- Important: Due to new DEPEXs added in NetworkPkg to DxeNetLib.inf (gEfiRngProtocolGuid) and TcpDxe.inf (gEfiHash2ServiceBindingProtocolGuid), please ensure your platform has RngDxe.inf and Hash2CryptoDxe.inf included in your FDF/DSC files for full Network functionality.
- Note: NetworkPkg Bug 08
- Note: Adds new platform dependency (See Update Note and Edk2 Devel #119227)
- Bugzilla: BZ 4540
- GHSA-hc6x-cw6p-gj7h
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Push #5352: available WW06
- Note: NetworkPkg Bug 07
- Bugzilla: BZ 4539
- GHSA-hc6x-cw6p-gj7h
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Push #5352: available WW06
- Note: NetworkPkg Bug 06
- Bugzilla: BZ 4538
- GHSA-hc6x-cw6p-gj7h
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Push #5352: available WW06
- Note: NetworkPkg Bug 05
- Bugzilla: BZ 4537
- GHSA-hc6x-cw6p-gj7h
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Push #5352: available WW06
- Note: NetworkPkg Bug 04
- Bugzilla: BZ 4536
- GHSA-hc6x-cw6p-gj7h
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Push #5352: available WW06
- Note: NetworkPkg Bug 03
- Bugzilla: BZ 4535
- GHSA-hc6x-cw6p-gj7h
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Push #5352: available WW06
- Note: NetworkPkg Bug 02
- Bugzilla: BZ 4534
- GHSA-hc6x-cw6p-gj7h
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Push #5352: available WW06
- Note: NetworkPkg Bug 01
- Bugzilla: BZ 4166
- GHSA-ch4w-v7m3-g8wx
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Push #5252: available January 16
- Note: HOB issue
- Bugzilla: BZ 4118
- GHSA-4hcq-p8q8-hj8j
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Both Push #5264 and Push #5273 (last 3 commits)
- Note: TCG related
- Bugzilla: BZ 4117
- GHSA-xvv8-66cq-prwr
- Stable Tag where fixed: 202402
- Commit(s) where fixed: Both Push #5264 and Push #5273 (last 3 commits)
- Note: TCG related
- Bugzilla: BZ 3387
- Stable Tag where fixed: 202211
- Commit(s) where fixed: cab1f02565d3b29081dd21afb074f35fdb4e1fd6
- Bugzilla: BZ 3499
- Stable Tag where fixed: 202302
- Commit(s) where fixed: 1. Push #1968: sample code in SecurityPkg for TcgPlatformDxe/PEI; 2. Push #2034: OvmfPkg support for disabling the TPM 2 platform hierarchy. (Note: There is also an example platform implementation available in edk2-platforms.)
- Bugzilla: BZ 3356
- Stable Tag where fixed: 202108
- Commit(s) where fixed: Push #1698
- Bugzilla: BZ 1866
- Stable Tag where fixed: 201905
- Commit(s) where fixed: d55d9d0664366efe731db461e14c6fc380fca776 (removed NetworkPkg/IpSecDxe driver per BZ 1697)
- Bugzilla: BZ 1816
- Stable Tag where fixed: 202011
- Commit(s) where fixed: 6aeaea14e97f2a36f07ccd4fd2ffb971d68b3b0a
- Bugzilla: BZ 1743
- Stable Tag where fixed: 202011
- Commit(s) where fixed: Push #1137
- Bugzilla: BZ 1989
- Stable Tag where fixed: 202002
- Commit(s) where fixed: e36d5ac7d10a6ff5becb0f52fdfd69a1752b0d14
- Bugzilla: BZ 1995
- Stable Tag where fixed: 202002
- Commit(s) where fixed: c32be82e99ef272e7fa742c2f06ff9a4c3756613
- Bugzilla: BZ 1914
- Stable Tag where fixed: 202011
- Commit(s) where fixed: 26442d11e620a9e81c019a24a4ff38441c64ba10
- Bugzilla: BZ 1608
- Stable Tag where fixed: 202002
- Commit(s) where fixed: BZ Comment 60 is “Pushed fbb9607223...c230c002ac” with 10 results from search:
- c230c002accc4281ccc57bba7153a9b2d9b9ccd3
- cb30c8f25162e6d8142c6b098f14c1e4e7f125ce
- fbb96072233b5eaecf4d229cbee47b13dcab39e1
- 5cd8be6079ea7e5638903b2f3da0f4c10ec7f1da
- c13742b180095e5181e41dffda954581ecbd9b9c
- b1c11470598416c89c67b75c991fd0773bcbab9d
- a83dbf008cc73406cbdc0d5ac3164cc19fff6683
- adc6898366298d1f64b91785e50095527f682758
- 929d1a24d12822942fd4f9fa83582e27f92de243
- 9e569700901857d0ba418ebdd30b8086b908688c
- Bugzilla: BZ 2001
- Stable Tag where fixed: 202011
- Commit(s) where fixed: 322ac05f8bbc1bce066af1dabd1b70ccdbe28891
- Bugzilla: BZ 2215
- Stable Tag where fixed: 202008
- Commit(s) where fixed: 0b143fa43e92be15d11e22f80773bcb1b2b0608f
- Bugzilla: BZ 2031
- Stable Tag where fixed: 202002
- Commit(s) where fixed: 1d3215fd24f47eaa4877542a59b4bbf5afc0cfe8
- Bugzilla: BZ 960
- Stable Tag where fixed: 201911
- Commit(s) where fixed: BZ Comment 47 is “Pushed as commit range b15646484eaf..e2fc50812895” with 8 results from search:
- e2fc50812895b17e8b23f5a9c43cde29531b200f
- 703e7ab21ff8fda9ababf7751d59bd28ad5da947
- 2ca74e1a175232cc201798e27437700adc7fb07e
- 8d16ef8269b2ff373d8da674e59992adfdc032d3
- 1e72b1fb2ec597caedb5170079bb213f6d67f32a
- 2ac41c12c0d4b3d3ee8f905ab80da019e784de00
- eb520d94dba7369d1886cd5522d5a2c36fb02209
- 31efec82796cb950e99d1622aa9c0eb8380613a0
- Bugzilla: BZ 686
- Stable Tag where fixed: Pre-Stable Tags: Edk2-master (2018), UDK2018, UDK2017, UDK2015
- Commit(s) where fixed: BZ Comment 10 is “Fix it in
  edk2 master 2ec7953d49677142c5f7552e9e3d96fb406ba0c4..041d89bc0f0119df37a5fce1d0f16495ff905089
  edk2 UDK2018 fb72f6fd6f1c4130f0d0037f33a5153fe9fdb322..96c32854ad69cb7cc983165926d58049f7ab27cc
  edk2 UDK2017 167e6e48af8dfd558aa3c7497959092d58b26d54..1d707a02d86e5f43cf0ed2cd43f7583a8d7a39db
  edk2 UDK2015 ee9ec6e6426f8f36bb9cd1301eb836959ef1412e..551888b06a1987b9db5040e10cdde5be34236653” with 3 results from search:
- 041d89bc0f0119df37a5fce1d0f16495ff905089
- 684db6da64bc7b5faee4e1174e801c245f563b5c
- 2ec7953d49677142c5f7552e9e3d96fb406ba0c4
CVE-2014-8271, CERT CC VU# 533140
- Bugzilla: Pre-BZ, Tianocore SA 17
- Stable Tag where fixed: Pre-Stable Tags: UDK2015 +
- Commit(s) where fixed: Originally: https://sourceforge.net/p/edk2/code/16280/, https://github.com/tianocore/edk2/commit/6ebffb67c8eca68cf5eb36bd308b305ab84fdd99
CVE-2014-4860, CERT CC VU# 552286
- Bugzilla: Pre-BZ, Tianocore SA 15
- Stable Tag where fixed: Pre-Stable Tags: UDK2015 +
- Commit(s) where fixed: Originally: https://sourceforge.net/p/edk2/code/15137, https://github.com/tianocore/edk2/commit/ff284c56a11a9a9b32777c91bc069093d5b5d8a9
CVE-2014-4859, CERT CC VU# 552286
- Bugzilla: Pre-BZ, Tianocore SA 15
- Stable Tag where fixed: Pre-Stable Tags: UDK2015 +
- Commit(s) where fixed: Originally: https://sourceforge.net/p/edk2/code/15136, https://github.com/tianocore/edk2/commit/3a1966c4e2f04374178872b064c3a8e42a0eb776