回复: [edk2-devel][edk2-stable202405] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

Thu, 09 May 2024 02:40:51 -0700 

Doug:
  Is there any functionality impact by these two CVE fixes?

Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Doug Flick via
> groups.io
> 发送时间: 2024年5月9日 13:56
> 收件人: devel@edk2.groups.io
> 抄送: Liming Gao <gaolim...@byosoft.com.cn>
> 主题: [edk2-devel] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
> 
>
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-
edk-ii-
> ipv6-network-stack.html
> 
> This patch series patches the following CVEs:
> - CVE-2023-45236: Predictable TCP Initial Sequence Numbers
> - CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
> 
> In order to patch these CVEs, the following changes were made:
> - NetworkPkg no longer performs it's own random number generation,
>   instead it uses EFI_RNG_PROTOCOL provided by the plaform to
>   generate random numbers.
>   - This change was made such that any future random number
>     generation vulnerabilities will be a result of the platforms
>     implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg
> 
> - NetworkPkg uses the TCP initial sequence number algorithm as described
>   in RFC 6528 to generate the initial sequence number for TCP connections.
>   - This change was made to ensure that the initial sequence number
>     is not predictable and therefore cannot be used in a TCP hijacking
>     attack.
> 
> In addition to the above changes, the following changes were made:
> - EmulatorPkg OvmfPkg, and ArmVirtPkg were updated to include the
>   Hash2DxeCrypto driver to support TCP ISN generation using
>   EFI_HASH2_PROTOCOL
> 
> - EmulatorPkg was updated to include the
>   RngDxe driver to support random number generation using the
>   EFI_RNG_PROTOCOL
> 
> - OvmfPkg, and ArmVirtPkg were updated to include the
>   virtio-rng-pci device to support random number generation using the
>   EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver
> 
> - SecurityPkg was updated to fix an incorrect limitation on the
>   GetRng function in the RngDxe driver where the minimum amount of
>   random data that could be requested was 32 bytes (256 bits) instead
>   of what the caller requested
> 
> - MdePkg was updated to include MockUefiBootServicesTableLib,
>   MockRng, and MockHash2 protocols for testing
> 
> - NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
>   due to underlying changes
> 
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> 
> Signed-off-by: Doug Flick [MSFT] <doug.e...@gmail.com>
> 
> Doug Flick (13):
>   EmulatorPkg: : Add RngDxe to EmulatorPkg
>   EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
>   OvmfPkg:PlatformCI: Support virtio-rng-pci
>   OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
>   ArmVirtPkg:PlatformCI: Support virtio-rng-pci
>   ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
>   SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
>   NetworkPkg:: SECURITY PATCH CVE-2023-45237
>   NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
>   MdePkg: : Add MockUefiBootServicesTableLib
>   MdePkg: : Adds Protocol for MockRng
>   MdePkg: Add MockHash2 Protocol for testing
>   NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes
> 
>  NetworkPkg/NetworkPkg.dec
> |   7 +
>  ArmVirtPkg/ArmVirtQemu.dsc
> |   5 +
>  ArmVirtPkg/ArmVirtQemuKernel.dsc
> |   5 +
>  EmulatorPkg/EmulatorPkg.dsc
> |  14 +-
>  MdePkg/Test/MdePkgHostTest.dsc
> |   1 +
>  NetworkPkg/Test/NetworkPkgHostTest.dsc
> |   1 +
>  OvmfPkg/OvmfPkgIa32.dsc
> |   6 +-
>  OvmfPkg/OvmfPkgIa32X64.dsc
> |   6 +-
>  OvmfPkg/OvmfPkgX64.dsc
> |   6 +-
>  OvmfPkg/OvmfXen.dsc
> |   5 +
>  EmulatorPkg/EmulatorPkg.fdf
> |  11 +-
>  OvmfPkg/OvmfPkgIa32.fdf
> |   5 +
>  OvmfPkg/OvmfPkgIa32X64.fdf
> |   5 +
>  OvmfPkg/OvmfPkgX64.fdf
> |   5 +
>  OvmfPkg/OvmfXen.fdf
> |   5 +
> 
> MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUe
> fiBootServicesTableLib.inf |  32 +++
>  NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
> |  13 +-
>  NetworkPkg/TcpDxe/TcpDxe.inf
> |  11 +-
>  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
> |   3 +-
> 
> MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.
> h                        |  78 +++++++
>  MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
> |  67 ++++++
>  MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
> |  48 ++++
>  NetworkPkg/IScsiDxe/IScsiMisc.h
> |   6 +-
>  NetworkPkg/Include/Library/NetLib.h
> |  40 +++-
>  NetworkPkg/Ip6Dxe/Ip6Nd.h
> |   8 +-
>  NetworkPkg/TcpDxe/TcpFunc.h
> |  23 +-
>  NetworkPkg/TcpDxe/TcpMain.h
> |  59 ++++-
>  NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
> |  10 +-
>  NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
> |  11 +-
>  NetworkPkg/DnsDxe/DnsDhcp.c
> |  10 +-
>  NetworkPkg/DnsDxe/DnsImpl.c
> |  11 +-
>  NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
> |  10 +-
>  NetworkPkg/IScsiDxe/IScsiCHAP.c
> |  19 +-
>  NetworkPkg/IScsiDxe/IScsiMisc.c
> |  14 +-
>  NetworkPkg/Ip4Dxe/Ip4Driver.c
> |  10 +-
>  NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
> |   9 +-
>  NetworkPkg/Ip6Dxe/Ip6Driver.c
> |  17 +-
>  NetworkPkg/Ip6Dxe/Ip6If.c
> |  12 +-
>  NetworkPkg/Ip6Dxe/Ip6Mld.c
> |  12 +-
>  NetworkPkg/Ip6Dxe/Ip6Nd.c
> |  33 ++-
>  NetworkPkg/Library/DxeNetLib/DxeNetLib.c
> | 129 +++++++++--
>  NetworkPkg/TcpDxe/TcpDriver.c
> | 105 ++++++++-
>  NetworkPkg/TcpDxe/TcpInput.c
> |  13 +-
>  NetworkPkg/TcpDxe/TcpMisc.c
> | 242 ++++++++++++++++++--
>  NetworkPkg/TcpDxe/TcpTimer.c
> |   3 +-
>  NetworkPkg/Udp4Dxe/Udp4Driver.c
> |  10 +-
>  NetworkPkg/Udp6Dxe/Udp6Driver.c
> |  11 +-
>  NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
> |   9 +-
>  NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
> |  11 +-
>  NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
> |  12 +-
>  SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> |   8 -
>  ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
> |   5 +
>  ArmVirtPkg/PlatformCI/PlatformBuildLib.py
> |   2 +
> 
> MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUe
> fiBootServicesTableLib.cpp |  69 ++++++
>  MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
> |  27 +++
>  MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
> |  21 ++
>  NetworkPkg/SecurityFixes.yaml
> |  61 +++++
>  NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
> | 102 ++++++++-
>  OvmfPkg/PlatformCI/PlatformBuildLib.py
> |   2 +
>  59 files changed, 1345 insertions(+), 150 deletions(-)
>  create mode 100644
> MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUe
> fiBootServicesTableLib.inf
>  create mode 100644
> MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.
> h
>  create mode 100644
> MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
>  create mode 100644
> MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
>  create mode 100644
> MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUe
> fiBootServicesTableLib.cpp
>  create mode 100644
> MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
>  create mode 100644
> MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
> 
> --
> 2.34.1
> 
> 
> 
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118760): https://edk2.groups.io/g/devel/message/118760
Mute This Topic: https://groups.io/mt/105998004/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to