Bug 1883529 (CVE-2021-28211) - CVE-2021-28211 edk2: possible heap corruption with LzmaUefiDecompressGetInfo
Summary: CVE-2021-28211 edk2: possible heap corruption with LzmaUefiDecompressGetInfo
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-28211
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1899496 1911022 1892318 1899495 1952953
Blocks: 1883558
TreeView+ depends on / blocked
 
Reported: 2020-09-29 13:42 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-06-29 16:40 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in edk2. A possible heap corruption in LzmaUefiDecompressGetInfo function may allow an attacker to execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-06-29 16:40:30 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:2591 0 None None None 2021-06-29 16:05:47 UTC
TianoCore 1816 0 None None None 2020-10-01 08:00:41 UTC

Description Guilherme de Almeida Suckevicz 2020-09-29 13:42:45 UTC
A flaw was found in edk2 in the decompression process of UEFI images in the LzmaUefiDecompressGetInfo() function. A crafted LZMA header can lead to a heap-based buffer overflow.

Reference:
https://bugzilla.tianocore.org/show_bug.cgi?id=1816

Comment 1 Laszlo Ersek 2020-10-01 08:15:15 UTC
Upstream patch is ready and has been reviewed:

https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c10
https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c12

Comment 6 Riccardo Schirone 2020-11-19 12:13:33 UTC
Created edk2 tracking bugs for this issue:

Affects: epel-all [bug 1899496]
Affects: fedora-all [bug 1899495]

Comment 7 Laszlo Ersek 2020-11-21 02:06:30 UTC
Upstream fix merged as commit e7bd0dd26db7, via <https://github.com/tianocore/edk2/pull/1138>.

Comment 10 errata-xmlrpc 2021-06-29 16:05:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2591 https://access.redhat.com/errata/RHSA-2021:2591

Comment 11 Product Security DevOps Team 2021-06-29 16:40:30 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-28211


Note You need to log in before you can comment on or make changes to this bug.