Summary
Integer overflows in PeCoffLoaderRelocateImage() may cause memory corruption.
This vulnerability was originally reported at https://bugzilla.tianocore.org/show_bug.cgi?id=1993.
Details
In BasePeCoff.c, PeCoffLoaderRelocateImage() computes RelocDir->VirtualAddress + RelocDir->Size - 1 inside a function call, and this sum can overflow.
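The wrap described above, as an added example that is not EDK2 code and not the patch from the Bugzilla entry. It assumes both directory fields are 32-bit; the struct, the function names and the image_size parameter are hypothetical, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a PE/COFF data directory entry (assumed 32-bit fields). */
typedef struct {
    uint32_t VirtualAddress;
    uint32_t Size;
} reloc_dir_t;

/* Unchecked form: the 32-bit sum wraps silently, so a later
 * "end < image size" test can pass for a directory that is far out of range. */
static uint32_t reloc_end_unchecked(const reloc_dir_t *d)
{
    return d->VirtualAddress + d->Size - 1;
}

/* Checked form: rejects an empty directory, a sum that would wrap,
 * and an end RVA outside the image. Writes the end RVA only on success. */
static bool reloc_end_checked(const reloc_dir_t *d, uint32_t image_size,
                              uint32_t *end_rva)
{
    if (d->Size == 0) {
        return false;                       /* Size - 1 would underflow */
    }
    if (d->Size - 1 > UINT32_MAX - d->VirtualAddress) {
        return false;                       /* VirtualAddress + Size - 1 would wrap */
    }
    uint32_t end = d->VirtualAddress + (d->Size - 1);
    if (end >= image_size) {
        return false;                       /* directory extends past the image */
    }
    *end_rva = end;
    return true;
}

int main(void)
{
    /* Constructed sample: header values chosen so the sum exceeds 2^32. */
    reloc_dir_t hostile = { 0xFFFFF000u, 0x2000u };
    uint32_t image_size = 0x10000u, end = 0;

    printf("unchecked end RVA: 0x%08x\n", (unsigned)reloc_end_unchecked(&hostile));
    printf("checked accepts:   %d\n", reloc_end_checked(&hostile, image_size, &end));
    return 0;
}
```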
Impact
An attacker may cause memory corruption due to an overflow. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
Mitigation release plan
Patch files are available now via https://bugzilla.tianocore.org/show_bug.cgi?id=1993.
The patch will be integrated in a future 2024 EDK2 release.
Pull Request