1883529 – (CVE-2021-28211) CVE-2021-28211 edk2: possible heap corruption with LzmaUefiDecompressGetInfo

Bug 1883529 (CVE-2021-28211) - CVE-2021-28211 edk2: possible heap corruption with LzmaUefiDecompressGetInfo

Summary: CVE-2021-28211 edk2: possible heap corruption with LzmaUefiDecompressGetInfo

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-28211
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1899496 1892318 1899495 1911022 1952953
Blocks:	1883558
TreeView+	depends on / blocked

Reported:	2020-09-29 13:42 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-04-17 21:01 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in edk2. A possible heap corruption in LzmaUefiDecompressGetInfo function may allow an attacker to execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed:	2021-06-29 16:40:30 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:2591	0	None	None	None	2021-06-29 16:05:47 UTC
TianoCore	1816	0	None	None	None	2020-10-01 08:00:41 UTC

Description Guilherme de Almeida Suckevicz 2020-09-29 13:42:45 UTC

A flaw was found in edk2 in the decompression process of UEFI images in the LzmaUefiDecompressGetInfo() function. A crafted LZMA header can lead to a heap-based buffer overflow.

Reference:
https://bugzilla.tianocore.org/show_bug.cgi?id=1816

Comment 1 Laszlo Ersek 2020-10-01 08:15:15 UTC

Upstream patch is ready and has been reviewed:

https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c10
https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c12

Comment 6 Riccardo Schirone 2020-11-19 12:13:33 UTC

Created edk2 tracking bugs for this issue:

Affects: epel-all [bug 1899496]
Affects: fedora-all [bug 1899495]

Comment 7 Laszlo Ersek 2020-11-21 02:06:30 UTC

Upstream fix merged as commit e7bd0dd26db7, via <https://github.com/tianocore/edk2/pull/1138>.

Comment 10 errata-xmlrpc 2021-06-29 16:05:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2591 https://access.redhat.com/errata/RHSA-2021:2591

Comment 11 Product Security DevOps Team 2021-06-29 16:40:30 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-28211

Note You need to log in before you can comment on or make changes to this bug.