Bug 1163959 - (CVE-2019-14563) VUL-1: CVE-2019-14563: ovmf: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib may lead to memory corruption
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/252701/
CVSSv3.1:SUSE:CVE-2019-14563:5.3:(AV...
Reported: 2020-02-17 14:59 UTC by Alexandros Toptsoglou
Modified: 2020-07-10 14:50 UTC (History)
Found By: Security Response Team
Description Alexandros Toptsoglou 2020-02-17 14:59:34 UTC
rh#1758620

It is possible for S3BootScriptLib APIs to cause numeric truncations that may lead to an S3 boot script entry with the wrong size being returned. This may lead to memory corruption.

Affected functions:
S3BootScriptSaveIoWrite
S3BootScriptSaveMemWrite
S3BootScriptSavePciCfgWrite
S3BootScriptSavePciCfg2Write
S3BootScriptSaveSmbusExecute
S3BootScriptSaveInformation
S3BootScriptSaveInformationAsciiString
S3BootScriptLabel (happens in S3BootScriptLabelInternal())

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1758620
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14563
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14563.html
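
The truncation pattern described in the report above, as an added C example that is not part of the original report or the edk2 source. It assumes an 8-bit length field in the entry header; the struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical entry header; the 8-bit length field is an assumption
   made for this illustration, not a layout taken from the report. */
typedef struct {
    uint16_t opcode;
    uint8_t  length;   /* total entry size in bytes, header included */
    uint32_t width;
    uint64_t count;
    uint64_t address;
} demo_entry_hdr;

/* Bytes of payload the caller asks to store after the header. */
size_t payload_bytes(uint8_t width_bytes, size_t count)
{
    return (size_t)width_bytes * count;
}

/* Unchecked: the sum is computed at full width, then cast to 8 bits,
   so any total above 255 is silently reduced modulo 256. */
uint8_t entry_len_truncating(uint8_t width_bytes, size_t count)
{
    return (uint8_t)(sizeof(demo_entry_hdr) + payload_bytes(width_bytes, count));
}

/* Checked: returns the entry length, or -1 when the total cannot be
   represented in the 8-bit field. Dividing first avoids overflow. */
int entry_len_checked(uint8_t width_bytes, size_t count)
{
    size_t room = UINT8_MAX - sizeof(demo_entry_hdr);
    if (width_bytes == 0 || count > room / width_bytes)
        return -1;
    return (int)(sizeof(demo_entry_hdr) + payload_bytes(width_bytes, count));
}

int main(void)
{
    /* Constructed input: 64 elements of 4 bytes = 256 payload bytes. */
    printf("payload=%zu recorded=%u checked=%d\n", payload_bytes(4, 64),
           (unsigned)entry_len_truncating(4, 64), entry_len_checked(4, 64));
    return 0;
}
```

With the constructed input, the unchecked length equals the header size alone, so the recorded entry size no longer accounts for any of the 256 payload bytes.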
Comment 1 Alexandros Toptsoglou 2020-02-17 15:06:33 UTC
The following codestreams are tracked as affected:

SLE12-SP2,3,4
SLE15 

The upstream issue can be found at [1], which contains instructions to reproduce at comment 5. The fix commit is located at [2].


[1] https://bugzilla.tianocore.org/show_bug.cgi?id=2001
[2] https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
Comment 6 Gary Ching-Pang Lin 2020-02-26 02:44:02 UTC
The fix is submitted.
Comment 7 Swamp Workflow Management 2020-02-26 20:11:54 UTC
SUSE-SU-2020:0495-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1077330,1094291,1163927,1163959,1163969
CVE References: CVE-2018-0739,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575
Sources used:
SUSE OpenStack Cloud 7 (src):    ovmf-2015+git1462940744.321151f-19.10.3
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    ovmf-2015+git1462940744.321151f-19.10.3
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    ovmf-2015+git1462940744.321151f-19.10.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    ovmf-2015+git1462940744.321151f-19.10.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2020-03-03 14:20:43 UTC
SUSE-SU-2020:0568-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1153072,1163927,1163959,1163969
CVE References: CVE-2019-14553,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    ovmf-2017+git1510945757.b2662641d5-5.29.3
Comment 9 Swamp Workflow Management 2020-03-08 20:11:26 UTC
openSUSE-SU-2020:0314-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1153072,1163927,1163959,1163969
CVE References: CVE-2019-14553,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575
Sources used:
openSUSE Leap 15.1 (src):    ovmf-2017+git1510945757.b2662641d5-lp151.11.3.1
Comment 10 Swamp Workflow Management 2020-03-16 20:14:06 UTC
SUSE-SU-2020:0699-1: An update that fixes four vulnerabilities is now available.

Category: security (low)
Bug References: 1153072,1163927,1163959,1163969
CVE References: CVE-2019-14553,CVE-2019-14559,CVE-2019-14563,CVE-2019-14575
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    ovmf-2017+git1510945757.b2662641d5-3.23.1
SUSE Linux Enterprise Server 12-SP4 (src):    ovmf-2017+git1510945757.b2662641d5-3.23.1
Comment 11 Alexandros Toptsoglou 2020-07-10 14:50:10 UTC
Done