[MEDIUM] Patch hvloader for CVE-2024-38796 (microsoft#13767)

Author: archana25-ms

SPECS-SIGNED/hvloader-signed/hvloader-signed.spec

@@ -6,7 +6,7 @@
 Summary:        Signed HvLoader.efi for %{buildarch} systems
 Name:           hvloader-signed-%{buildarch}
 Version:        1.0.1
-Release:        12%{?dist}
+Release:        13%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -69,6 +69,9 @@ popd
 /boot/efi/HvLoader.efi
 
 %changelog
+* Tue May 13 2025 Archana Shettigar <[email protected]> - 1.0.1-13
+- Bump release for consistency with hvloader spec.
+
 * Tue Apr 29 2025 Mayank Singh <[email protected]> - 1.0.1-12
 - Bump release for consistency with hvloader spec.
 

SPECS/hvloader/CVE-2024-38796.patch

@@ -0,0 +1,27 @@
+From 8f5c0b8f6ffae9e6cebcef7703f40333714c2364 Mon Sep 17 00:00:00 2001
+From: archana25-ms <[email protected]>
+Date: Mon, 12 May 2025 14:02:08 +0000
+Subject: [PATCH] Address CVE-2024-38796
+
+Upstream Patch Reference: https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65
+
+---
+ MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+index 86ff2e76..128090d9 100644
+--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
++++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
+     RelocDir = &Hdr.Te->DataDirectory[0];
+   }
+ 
+-  if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
++  if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
+     RelocBase    = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
+     RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
+                                                   ImageContext,
+-- 
+2.45.3
+

SPECS/hvloader/hvloader.spec

@@ -4,7 +4,7 @@
 Summary:        HvLoader.efi is an EFI application for loading an external hypervisor loader.
 Name:           hvloader
 Version:        1.0.1
-Release:        12%{?dist}
+Release:        13%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -33,6 +33,7 @@ Patch15: 	CVE-2022-36763_CVE-2023-36764.patch
 Patch16: 	CVE-2022-36765.patch
 Patch17: 	CVE-2023-45237.patch
 Patch18: 	CVE-2023-45236.patch
+Patch19: 	CVE-2024-38796.patch
 
 BuildRequires:  bc
 BuildRequires:  gcc
@@ -78,6 +79,9 @@ cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{
 /boot/efi/HvLoader.efi
 
 %changelog
+* Tue May 13 2025 Archana Shettigar <[email protected]> - 1.0.1-13
+- Fix CVE-2024-38796 with an upstream patch
+
 * Tue Apr 29 2025 Mayank Singh <[email protected]> - 1.0.1-12
 - Fix CVE-2023-45236 and CVE-2023-45237 with an upstream patch