]> git.proxmox.com Git - mirror_edk2.git/commit - MdeModulePkg/Universal/HiiDatabaseDxe/Database.c
projects / mirror_edk2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f9713ab) | patch
MdeModulePkg/HiiDB: Remove configuration table when it's freed (CVE-2019-14586)
authorDandan Bi <dandan.bi@intel.com>
Tue, 24 Sep 2019 03:17:52 +0000 (11:17 +0800)
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Fri, 14 Feb 2020 08:02:07 +0000 (08:02 +0000)
commitc32be82e99ef272e7fa742c2f06ff9a4c3756613
tree73e11e2840d16635bc55ec381f07c8596c792200tree
parentf9713abe950b3d3e0e27bf87a03b5fa2bc69735fcommit | diff
MdeModulePkg/HiiDB: Remove configuration table when it's freed (CVE-2019-14586)

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1995

Fix the corner case issue that the original configuration runtime
memory is freed, but it is still exposed to the OS runtime.
So this patch is to remove the configuration table to avoid being
used in OS runtime when the configuration runtime memory is freed.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
MdeModulePkg/Universal/HiiDatabaseDxe/Database.c diff | blob | blame | history
EFI Development Kit II mirror for PVE