1883529 – (CVE-2021-28211) CVE-2021-28211 edk2: possible heap corruption with LzmaUefiDecompressGetInfo

Bug 1883529 (CVE-2021-28211) - CVE-2021-28211 edk2: possible heap corruption with LzmaUefiDecompressGetInfo

Summary: CVE-2021-28211 edk2: possible heap corruption with LzmaUefiDecompressGetInfo

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-28211
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1892318 1899495 1899496 1911022 1952953
Blocks:	1883558
TreeView+	depends on / blocked

Reported:	2020-09-29 13:42 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-04-17 21:01 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2021-06-29 16:40:30 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:2591	0	None	None	None	2021-06-29 16:05:47 UTC
TianoCore	1816	0	None	None	None	2020-10-01 08:00:41 UTC

Description Guilherme de Almeida Suckevicz 2020-09-29 13:42:45 UTC

A flaw was found in edk2 in the decompression process of UEFI images in the LzmaUefiDecompressGetInfo() function. A crafted LZMA header can lead to a heap-based buffer overflow.

Reference:
https://bugzilla.tianocore.org/show_bug.cgi?id=1816

Comment 1 Laszlo Ersek 2020-10-01 08:15:15 UTC

Upstream patch is ready and has been reviewed:

https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c10
https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c12

Comment 6 Riccardo Schirone 2020-11-19 12:13:33 UTC

Created edk2 tracking bugs for this issue:

Affects: epel-all [bug 1899496]
Affects: fedora-all [bug 1899495]

Comment 7 Laszlo Ersek 2020-11-21 02:06:30 UTC

Upstream fix merged as commit e7bd0dd26db7, via <https://github.com/tianocore/edk2/pull/1138>.

Comment 10 errata-xmlrpc 2021-06-29 16:05:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2591 https://access.redhat.com/errata/RHSA-2021:2591

Comment 11 Product Security DevOps Team 2021-06-29 16:40:30 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-28211

Note You need to log in before you can comment on or make changes to this bug.