Bug 1196741 (CVE-2021-38578) - VUL-0: CVE-2021-38578: ovmf: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
Summary: VUL-0: CVE-2021-38578: ovmf: Existing CommBuffer checks in SmmEntryPoint will...
Status: RESOLVED FIXED
Alias: CVE-2021-38578
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/325304/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-38578:7.4:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-04 08:14 UTC by Alexander Bergmann
Modified: 2024-05-17 11:15 UTC (History)
10 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2022-03-04 08:14:54 UTC
CVE-2021-38578

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when
computing BufferSize.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38578
http://www.cvedetails.com/cve/CVE-2021-38578/
https://bugzilla.tianocore.org/show_bug.cgi?id=3387
Comment 2 Cathy Hu 2022-08-11 10:48:48 UTC
https://edk2.groups.io/g/devel/message/90516
Comment 3 Cathy Hu 2022-08-11 10:57:37 UTC
I think from the link in comment #2 that it means all affected:
- SUSE:SLE-12-SP2:Update/ovmf  2015+git1462940744.321151f   
- SUSE:SLE-12-SP3:Update/ovmf  2017+git1492060560.b6d11d7c46
- SUSE:SLE-12-SP4:Update/ovmf  2017+git1510945757.b2662641d5
- SUSE:SLE-15-SP2:Update/ovmf  201911                       
- SUSE:SLE-15-SP3:Update/ovmf  202008                       
- SUSE:SLE-15-SP4:Update/ovmf  202202                       
- SUSE:SLE-15:Update/ovmf      2017+git1510945757.b2662641d5
- openSUSE:Factory/ovmf        202202
Comment 4 Gabriele Sonnu 2022-09-07 07:44:53 UTC
Hi Joey, any update on this?
Comment 5 Joey Lee 2022-09-07 15:40:08 UTC
Thanks for Hu's information.

(In reply to Hu from comment #2)
> https://edk2.groups.io/g/devel/message/90516

This patch is not merged yet. I have tried to access the tianocore bug, but I am not authorized to access it: 

https://bugzilla.tianocore.org/show_bug.cgi?id=3387
Comment 6 Thomas Leroy 2022-09-29 14:31:44 UTC
Upstream PR still not merged yet:
https://github.com/tianocore/edk2/pull/2976/files
Comment 8 Joey Lee 2022-10-26 09:40:31 UTC
Upstream PR still not merged yet:
https://github.com/tianocore/edk2/pull/2976/files

I still do not have access right for bto#3387. So I can not check the progress:

https://bugzilla.tianocore.org/show_bug.cgi?id=3387
Comment 13 Joey Lee 2023-04-13 03:46:09 UTC
(In reply to Gianluca Gabrielli from comment #12)
> Hi Joey, do you have any update on that?

Thanks for reminder. I am working on backporting patch:

commit cab1f02565d3b29081dd21afb074f35fdb4e1fd6
Author: Miki Demeter <miki.demeter@intel.com>
Date:   Thu Oct 27 16:20:54 2022 -0700

    MdeModulePkg/PiSmmCore: SmmEntryPoint underflow (CVE-2021-38578)
Comment 14 Joey Lee 2023-04-14 10:02:24 UTC
Updated status:

- SUSE:SLE-12-SP2:Update/ovmf  2015+git1462940744.321151f
- SUSE:SLE-12-SP3:Update/ovmf  2017+git1492060560.b6d11d7c46
- SUSE:SLE-12-SP4:Update/ovmf  2017+git1510945757.b2662641d5
- SUSE:SLE-15-SP2:Update/ovmf  201911
- SUSE:SLE-15-SP3:Update/ovmf  202008           [sent, IBS SR#294609]
- SUSE:SLE-15-SP4:Update/ovmf  202202
- SUSE:SLE-15-SP5:GA           202208           [sent, IBS SR#294608]
- SUSE:SLE-15:Update/ovmf      2017+git1510945757.b2662641d5
- openSUSE:Factory/ovmf        202302           [OK]    

15-SP3/ovmf submitreq:

https://build.suse.de/request/show/294609

15-SP5/ovmf submitreq:

https://build.suse.de/request/show/294608
Comment 16 Joey Lee 2023-04-14 15:26:15 UTC
(In reply to Joey Lee from comment #14)
> Updated status:
> 
> - SUSE:SLE-12-SP2:Update/ovmf  2015+git1462940744.321151f
> - SUSE:SLE-12-SP3:Update/ovmf  2017+git1492060560.b6d11d7c46
> - SUSE:SLE-12-SP4:Update/ovmf  2017+git1510945757.b2662641d5
> - SUSE:SLE-15-SP2:Update/ovmf  201911
> - SUSE:SLE-15-SP3:Update/ovmf  202008           [sent, IBS SR#294609]
> - SUSE:SLE-15-SP4:Update/ovmf  202202
> - SUSE:SLE-15-SP5:GA           202208           [sent, IBS SR#294608]
> - SUSE:SLE-15:Update/ovmf      2017+git1510945757.b2662641d5
> - openSUSE:Factory/ovmf        202302           [OK]    
> 
> 15-SP3/ovmf submitreq:
> 
> https://build.suse.de/request/show/294609
> 
> 15-SP5/ovmf submitreq:
> 
> https://build.suse.de/request/show/294608

Update submitreq number.

15-SP3/ovmf submitreq:
https://build.suse.de/request/show/294651
Comment 17 Joey Lee 2023-04-14 15:29:35 UTC
(In reply to Joey Lee from comment #16)
> (In reply to Joey Lee from comment #14)
> > Updated status:
> > 
> > - SUSE:SLE-12-SP2:Update/ovmf  2015+git1462940744.321151f
> > - SUSE:SLE-12-SP3:Update/ovmf  2017+git1492060560.b6d11d7c46
> > - SUSE:SLE-12-SP4:Update/ovmf  2017+git1510945757.b2662641d5
> > - SUSE:SLE-15-SP2:Update/ovmf  201911
> > - SUSE:SLE-15-SP3:Update/ovmf  202008           [sent, IBS SR#294609]
> > - SUSE:SLE-15-SP4:Update/ovmf  202202
> > - SUSE:SLE-15-SP5:GA           202208           [sent, IBS SR#294608]
> > - SUSE:SLE-15:Update/ovmf      2017+git1510945757.b2662641d5
> > - openSUSE:Factory/ovmf        202302           [OK]    
> > 
> > 15-SP3/ovmf submitreq:
> > 
> > https://build.suse.de/request/show/294609
> > 
> > 15-SP5/ovmf submitreq:
> > 
> > https://build.suse.de/request/show/294608
> 
> Update submitreq number.
> 
> 15-SP3/ovmf submitreq:
> https://build.suse.de/request/show/294651

15-SP5/ovmf submitreq:
https://build.suse.de/request/show/294652
Comment 22 Joey Lee 2023-04-19 08:20:15 UTC
Updated status:

- SUSE:SLE-12-SP2:Update/ovmf  2015+git1462940744.321151f       [sent, IBS SR#295124]
- SUSE:SLE-12-SP3:Update/ovmf  2017+git1492060560.b6d11d7c46    [sent, IBS SR#295116]
- SUSE:SLE-12-SP4:Update/ovmf  2017+git1510945757.b2662641d5    [sent, IBS SR#295104]
- SUSE:SLE-15-SP2:Update/ovmf  201911           [accepted, IBS SR#294942]
- SUSE:SLE-15-SP3:Update/ovmf  202008           [accepted, IBS SR#294651]
- SUSE:SLE-15-SP4:Update/ovmf  202202
- SUSE:SLE-15-SP5:GA           202208           [sent, IBS SR#294652]
- SUSE:SLE-15:Update/ovmf      2017+git1510945757.b2662641d5    [accepted, IBS SR#295084]
- openSUSE:Factory/ovmf        202302           [OK]
Comment 24 Maintenance Automation 2023-04-19 20:30:03 UTC
SUSE-SU-2023:1921-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1174246, 1196741
CVE References: CVE-2019-14560, CVE-2021-38578
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): ovmf-201911-150200.7.27.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): ovmf-201911-150200.7.27.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): ovmf-201911-150200.7.27.1
SUSE Enterprise Storage 7 (src): ovmf-201911-150200.7.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Maintenance Automation 2023-04-21 12:30:08 UTC
SUSE-SU-2023:1941-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1174246, 1196741
CVE References: CVE-2019-14560, CVE-2021-38578
Sources used:
SUSE OpenStack Cloud 9 (src): ovmf-2017+git1510945757.b2662641d5-3.41.2
SUSE OpenStack Cloud Crowbar 9 (src): ovmf-2017+git1510945757.b2662641d5-3.41.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): ovmf-2017+git1510945757.b2662641d5-3.41.2
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): ovmf-2017+git1510945757.b2662641d5-3.41.2
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): ovmf-2017+git1510945757.b2662641d5-3.41.2
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): ovmf-2017+git1510945757.b2662641d5-3.41.2
SUSE Linux Enterprise Server 12 SP5 (src): ovmf-2017+git1510945757.b2662641d5-3.41.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): ovmf-2017+git1510945757.b2662641d5-3.41.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Maintenance Automation 2023-04-21 12:30:10 UTC
SUSE-SU-2023:1940-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1174246, 1196741
CVE References: CVE-2019-14560, CVE-2021-38578
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): ovmf-2017+git1510945757.b2662641d5-150000.5.46.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): ovmf-2017+git1510945757.b2662641d5-150000.5.46.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): ovmf-2017+git1510945757.b2662641d5-150000.5.46.1
SUSE CaaS Platform 4.0 (src): ovmf-2017+git1510945757.b2662641d5-150000.5.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Maintenance Automation 2023-04-24 12:30:05 UTC
SUSE-SU-2023:1958-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1174246, 1196741
CVE References: CVE-2019-14560, CVE-2021-38578
Sources used:
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): ovmf-202008-150300.10.20.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): ovmf-202008-150300.10.20.1
SUSE Linux Enterprise Real Time 15 SP3 (src): ovmf-202008-150300.10.20.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): ovmf-202008-150300.10.20.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): ovmf-202008-150300.10.20.1
SUSE Manager Proxy 4.2 (src): ovmf-202008-150300.10.20.1
SUSE Manager Retail Branch Server 4.2 (src): ovmf-202008-150300.10.20.1
SUSE Manager Server 4.2 (src): ovmf-202008-150300.10.20.1
SUSE Enterprise Storage 7.1 (src): ovmf-202008-150300.10.20.1
SUSE Linux Enterprise Micro 5.1 (src): ovmf-202008-150300.10.20.1
SUSE Linux Enterprise Micro 5.2 (src): ovmf-202008-150300.10.20.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): ovmf-202008-150300.10.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Maintenance Automation 2023-04-24 16:30:06 UTC
SUSE-SU-2023:1968-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1174246, 1196741
CVE References: CVE-2019-14560, CVE-2021-38578
Sources used:
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): ovmf-2015+git1462940744.321151f-19.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Joey Lee 2023-05-13 07:23:13 UTC
(In reply to Joey Lee from comment #22)
> Updated status:
> 
> - SUSE:SLE-12-SP2:Update/ovmf  2015+git1462940744.321151f       [sent, IBS
> SR#295124]
> - SUSE:SLE-12-SP3:Update/ovmf  2017+git1492060560.b6d11d7c46    [sent, IBS
> SR#295116]
> - SUSE:SLE-12-SP4:Update/ovmf  2017+git1510945757.b2662641d5    [sent, IBS
> SR#295104]
> - SUSE:SLE-15-SP2:Update/ovmf  201911           [accepted, IBS SR#294942]
> - SUSE:SLE-15-SP3:Update/ovmf  202008           [accepted, IBS SR#294651]
> - SUSE:SLE-15-SP4:Update/ovmf  202202
> - SUSE:SLE-15-SP5:GA           202208           [sent, IBS SR#294652]
> - SUSE:SLE-15:Update/ovmf      2017+git1510945757.b2662641d5    [accepted,
> IBS SR#295084]
> - openSUSE:Factory/ovmf        202302           [OK]

Updated status:

- SUSE:SLE-12-SP2:Update/ovmf  2015+git1462940744.321151f       [accepted, IBS SR#295124]
- SUSE:SLE-12-SP3:Update/ovmf  2017+git1492060560.b6d11d7c46    [accepted, IBS SR#295116]
- SUSE:SLE-12-SP4:Update/ovmf  2017+git1510945757.b2662641d5    [accepted, IBS SR#295104]
- SUSE:SLE-15-SP2:Update/ovmf  201911           [accepted, IBS SR#294942]
- SUSE:SLE-15-SP3:Update/ovmf  202008           [accepted, IBS SR#294651]
- SUSE:SLE-15-SP4:Update/ovmf  202202           [sent, IBS SR#298094]
- SUSE:SLE-15-SP5:GA           202208           [accepted, IBS SR#294652]
- SUSE:SLE-15:Update/ovmf      2017+git1510945757.b2662641d5    [accepted, IBS SR#295084]
- openSUSE:Factory/ovmf        202302           [OK]
Comment 32 Maintenance Automation 2023-05-17 16:30:26 UTC
SUSE-SU-2023:2234-1: An update that solves two vulnerabilities and has one fix can now be installed.

Category: security (important)
Bug References: 1174246, 1196741, 1205613
CVE References: CVE-2019-14560, CVE-2021-38578
Sources used:
openSUSE Leap Micro 5.3 (src): ovmf-202202-150400.5.10.1
openSUSE Leap 15.4 (src): ovmf-202202-150400.5.10.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): ovmf-202202-150400.5.10.1
SUSE Linux Enterprise Micro 5.3 (src): ovmf-202202-150400.5.10.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): ovmf-202202-150400.5.10.1
SUSE Linux Enterprise Micro 5.4 (src): ovmf-202202-150400.5.10.1
Server Applications Module 15-SP4 (src): ovmf-202202-150400.5.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Joey Lee 2023-06-21 03:21:21 UTC
(In reply to Joey Lee from comment #30)
> (In reply to Joey Lee from comment #22)
> > Updated status:
> > 
> > - SUSE:SLE-12-SP2:Update/ovmf  2015+git1462940744.321151f       [sent, IBS
> > SR#295124]
> > - SUSE:SLE-12-SP3:Update/ovmf  2017+git1492060560.b6d11d7c46    [sent, IBS
> > SR#295116]
> > - SUSE:SLE-12-SP4:Update/ovmf  2017+git1510945757.b2662641d5    [sent, IBS
> > SR#295104]
> > - SUSE:SLE-15-SP2:Update/ovmf  201911           [accepted, IBS SR#294942]
> > - SUSE:SLE-15-SP3:Update/ovmf  202008           [accepted, IBS SR#294651]
> > - SUSE:SLE-15-SP4:Update/ovmf  202202
> > - SUSE:SLE-15-SP5:GA           202208           [sent, IBS SR#294652]
> > - SUSE:SLE-15:Update/ovmf      2017+git1510945757.b2662641d5    [accepted,
> > IBS SR#295084]
> > - openSUSE:Factory/ovmf        202302           [OK]
> 
> Updated status:
> 
> - SUSE:SLE-12-SP2:Update/ovmf  2015+git1462940744.321151f       [accepted,
> IBS SR#295124]
> - SUSE:SLE-12-SP3:Update/ovmf  2017+git1492060560.b6d11d7c46    [accepted,
> IBS SR#295116]
> - SUSE:SLE-12-SP4:Update/ovmf  2017+git1510945757.b2662641d5    [accepted,
> IBS SR#295104]
> - SUSE:SLE-15-SP2:Update/ovmf  201911           [accepted, IBS SR#294942]
> - SUSE:SLE-15-SP3:Update/ovmf  202008           [accepted, IBS SR#294651]
> - SUSE:SLE-15-SP4:Update/ovmf  202202           [sent, IBS SR#298094]
> - SUSE:SLE-15-SP5:GA           202208           [accepted, IBS SR#294652]
> - SUSE:SLE-15:Update/ovmf      2017+git1510945757.b2662641d5    [accepted,
> IBS SR#295084]
> - openSUSE:Factory/ovmf        202302           [OK]

update status:

- SUSE:SLE-15-SP4:Update/ovmf  202202           [accepted, IBS SR#298094]

All versions are fixed. reset assigner.
Comment 34 Marcus Meissner 2024-05-17 11:15:54 UTC
done