Bugzilla – Bug 1163959
VUL-1: CVE-2019-14563: ovmf: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib may lead to memory corruption
Last modified: 2020-07-10 14:50:10 UTC
rh#1758620 It is possible for S3BootScriptLib APIs to cause numeric truncations that may lead to S3 boot script entry with wrong size being returned. This may lead to memory corruption. Affected functions: S3BootScriptSaveIoWrite S3BootScriptSaveMemWrite S3BootScriptSavePciCfgWrite S3BootScriptSavePciCfg2Write S3BootScriptSaveSmbusExecute S3BootScriptSaveInformation S3BootScriptSaveInformationAsciiString S3BootScriptLabel (happen in S3BootScriptLabelInternal()) References: https://bugzilla.redhat.com/show_bug.cgi?id=1758620 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14563 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14563.html
Tracked as affected the following codestreams: SLE12-SP2,3,4 SLE15 The upstream issue can be found at [1] which contains instructions to reproduce at comment 5. The fix commit is located at [2] [1] https://bugzilla.tianocore.org/show_bug.cgi?id=2001 [2] https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
The fix is submitted.
SUSE-SU-2020:0495-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1077330,1094291,1163927,1163959,1163969 CVE References: CVE-2018-0739,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575 Sources used: SUSE OpenStack Cloud 7 (src): ovmf-2015+git1462940744.321151f-19.10.3 SUSE Linux Enterprise Server for SAP 12-SP2 (src): ovmf-2015+git1462940744.321151f-19.10.3 SUSE Linux Enterprise Server 12-SP2-LTSS (src): ovmf-2015+git1462940744.321151f-19.10.3 SUSE Linux Enterprise Server 12-SP2-BCL (src): ovmf-2015+git1462940744.321151f-19.10.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:0568-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1153072,1163927,1163959,1163969 CVE References: CVE-2019-14553,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575 Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): ovmf-2017+git1510945757.b2662641d5-5.29.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0314-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1153072,1163927,1163959,1163969 CVE References: CVE-2019-14553,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575 Sources used: openSUSE Leap 15.1 (src): ovmf-2017+git1510945757.b2662641d5-lp151.11.3.1
SUSE-SU-2020:0699-1: An update that fixes four vulnerabilities is now available. Category: security (low) Bug References: 1153072,1163927,1163959,1163969 CVE References: CVE-2019-14553,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575 Sources used: SUSE Linux Enterprise Server 12-SP5 (src): ovmf-2017+git1510945757.b2662641d5-3.23.1 SUSE Linux Enterprise Server 12-SP4 (src): ovmf-2017+git1510945757.b2662641d5-3.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done