Hi,

this is an important release as it fixes a vulnerability in our userland
tool set and library. CVE-2023-39950 [1] has been assigned to this
issue.
Missing or insufficient validation and sanitization of data read from
untrusted bootloader environment files could cause crashes and probably
also code injection into bg_setenv or into programs using libebgenv.
The issue was triggered when the affected components modified a
manipulated environment, in particular its user variables.

SWUpdate in its default configuration for EFI Boot Guard does not fall
into that category, unless integrators have chosen to deviate from that
default. EFI Boot Guard's bootloader EFI binary is not affected by this
issue either.
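To illustrate the bug class fixed here (trusting length fields and strings in an environment read from writable storage), the following is an added example that is not EFI Boot Guard's own code. The record layout, the USERVARS_SIZE constant and all function names are hypothetical and do not reproduce the real bgenv format; the sample buffers, including the manipulated payload size, are constructed inline. It shows a validation pass that bounds-checks every record before any lookup or modification touches the buffer, which is the shape of check a library like libebgenv needs in front of its user-variable handling.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-variable region (illustration only, not EFI Boot Guard's
 * real bgenv layout).  A fixed-size buffer holds records of the form
 *     key '\0' | uint32_t payload_len (native byte order) | payload bytes
 * terminated by an empty key.  The buffer comes from a partition that anyone
 * with write access to the disk can manipulate, so nothing in it is trusted. */
#define USERVARS_SIZE 256u

enum uv_status {
    UV_OK                   =  0,
    UV_ERR_KEY_UNTERMINATED = -1,  /* key string runs off the buffer end */
    UV_ERR_TRUNCATED_HEADER = -2,  /* no room left for the length field  */
    UV_ERR_PAYLOAD_OVERRUN  = -3   /* length field points past the buffer */
};

/* Walk every record and check it stays inside [buf, buf+len).
 * On success *count receives the number of records found. */
static int uservars_validate(const uint8_t *buf, size_t len, size_t *count)
{
    size_t off = 0, n = 0;

    while (off < len && buf[off] != '\0') {
        const uint8_t *nul = memchr(buf + off, '\0', len - off);
        if (!nul)
            return UV_ERR_KEY_UNTERMINATED;
        off = (size_t)(nul - buf) + 1;

        if (len - off < sizeof(uint32_t))
            return UV_ERR_TRUNCATED_HEADER;
        uint32_t plen;
        memcpy(&plen, buf + off, sizeof plen);
        off += sizeof plen;

        /* Compare against the remaining space: "off + plen > len" could wrap. */
        if (plen > len - off)
            return UV_ERR_PAYLOAD_OVERRUN;
        off += plen;
        n++;
    }
    if (count)
        *count = n;
    return UV_OK;
}

/* Look up a key; refuses to walk a buffer that fails validation. */
static const uint8_t *uservar_get(const uint8_t *buf, size_t len,
                                  const char *key, uint32_t *plen_out)
{
    size_t off = 0;

    if (uservars_validate(buf, len, NULL) != UV_OK)
        return NULL;
    while (off < len && buf[off] != '\0') {
        const char *k = (const char *)(buf + off);
        uint32_t plen;

        off += strlen(k) + 1;               /* safe: validated above */
        memcpy(&plen, buf + off, sizeof plen);
        off += sizeof plen;
        if (strcmp(k, key) == 0) {
            if (plen_out)
                *plen_out = plen;
            return buf + off;
        }
        off += plen;
    }
    return NULL;
}

/* Append a record at *off, always leaving one byte for the terminator. */
static int uservar_append(uint8_t *buf, size_t len, size_t *off,
                          const char *key, const void *val, uint32_t vlen)
{
    size_t keylen = strlen(key) + 1;

    if (vlen > len || keylen + sizeof(uint32_t) + vlen + 1 > len - *off)
        return -1;
    memcpy(buf + *off, key, keylen);        *off += keylen;
    memcpy(buf + *off, &vlen, sizeof vlen); *off += sizeof vlen;
    memcpy(buf + *off, val, vlen);          *off += vlen;
    buf[*off] = '\0';
    return 0;
}

/* Constructed sample: two well-formed variables in a zeroed buffer. */
static void build_sample(uint8_t *buf)
{
    size_t off = 0;
    memset(buf, 0, USERVARS_SIZE);
    uservar_append(buf, USERVARS_SIZE, &off, "boardrev", "B2", 3);
    uservar_append(buf, USERVARS_SIZE, &off, "bootcount", "\x05", 1);
}

/* Returns the record count when validation and lookup succeed, else -100. */
static int check_valid_sample(void)
{
    uint8_t buf[USERVARS_SIZE];
    size_t count = 0;
    uint32_t plen = 0;
    const uint8_t *v;

    build_sample(buf);
    if (uservars_validate(buf, sizeof buf, &count) != UV_OK)
        return -100;
    v = uservar_get(buf, sizeof buf, "boardrev", &plen);
    if (!v || plen != 3 || memcmp(v, "B2", 3) != 0)
        return -100;
    return (int)count;
}

/* Constructed manipulation: the second record's length field is overwritten
 * with a huge value, as a fuzzer or someone with disk access could do. */
static int check_oversized_payload(void)
{
    uint8_t buf[USERVARS_SIZE];
    uint32_t bad = 0xFFFFFFF0u;

    build_sample(buf);
    memcpy(buf + 26, &bad, sizeof bad);  /* "boardrev\0"(9)+4+3+"bootcount\0"(10) */
    return uservars_validate(buf, sizeof buf, NULL);
}

/* Constructed manipulation: no NUL anywhere, so the first key never ends. */
static int check_unterminated_key(void)
{
    uint8_t buf[USERVARS_SIZE];
    memset(buf, 'A', sizeof buf);
    return uservars_validate(buf, sizeof buf, NULL);
}

int main(void)
{
    printf("valid sample: %d records\n", check_valid_sample());
    printf("oversized payload: %d\n", check_oversized_payload());
    printf("unterminated key: %d\n", check_unterminated_key());
    return 0;
}
```

The point of the design is that the validator runs once, up front, over the whole region, and the lookup and any later modification only proceed on a buffer that passed; the length comparison is written as `plen > len - off` rather than `off + plen > len` so that a length field near UINT32_MAX cannot wrap the addition and slip past the check.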
In addition, several code cleanups have been performed, and the test
suite has been improved along the way.
Thanks to all contributors, specifically to Patrice from Code
Intelligence for finding the issue while enabling a fuzz-testing case
study with EFI Boot Guard!
Jan
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39950
Earl Chew (5):
Add LIBCHECK_CFLAGS to AM_CFLAGS
Refactor tests to support ENV_NUM_CONFIG_PARTS == 1
Verify fork() support
Clean up temporary directories
kernel-stub: Check for overflow when casting to VOID *
Jan Kiszka (8):
kernel-stub: Avoid warnings when converting buffer addresses to pointers
Fail build on warnings in efi sources
tools: Ensure that kernelfile and kernelparams are null-terminated
Introduce validation of bgenv prior to its usage
Fix memory leak in probe_config_partitions
Privatize bgenv_serialize_uservar and bgenv_uservar_[re]alloc
SECURITY: Expand the scope to userspace tools and libs
Bump version number
Michael Adler (8):
refactor: replace magic numbers with USTATE_MAX
fix: correctly parse ustate in journal_process_action
chore: ensure OPT macro fully initializes struct members
chore: fix compiler warning about unused parameters
chore: use function declaration from header
chore: enable more compiler warnings
chore: introduce editorconfig for consistent coding styles
test: load BGENV with manipulated payload size
--
Siemens AG, Technology
Linux Expert Center