It is possible for S3BootScriptLib APIs to cause numeric truncations that may lead to S3 boot script entry with wrong size being returned. This may lead to memory corruption. Affected functions: S3BootScriptSaveIoWrite S3BootScriptSaveMemWrite S3BootScriptSavePciCfgWrite S3BootScriptSavePciCfg2Write S3BootScriptSaveSmbusExecute S3BootScriptSaveInformation S3BootScriptSaveInformationAsciiString S3BootScriptLabel (happen in S3BootScriptLabelInternal())
Upstream fix: https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1801260] Affects: fedora-all [bug 1801259]
Upstream bug: https://bugzilla.tianocore.org/show_bug.cgi?id=2001
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1712 https://access.redhat.com/errata/RHSA-2020:1712
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14563