CVE-2022-36765 - StandaloneMmHobLibSysCall: Prevent integer overflow in CreateHob() [Rebase & FF]

[makubacki]

Description

Contains the primary commit for the HOB calculation overflow and a separate commit to build with the tip of mu_basecore release/202302.

---

CVE-2022-36765 - StandaloneMmHobLibSysCall: Prevent integer overflow in CreateHob()

Based on commit 9a75b030cf27d2530444e9a2f9f11867f79bf679 in edk2.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166

Fix integer overflow in various CreateHob instances. Fixes: CVE-2022-36765

The CreateHob() function aligns the requested size to 8 performing the following operation:

 HobLength = (UINT16)((HobLength + 0x7) & (~0x7));

No checks are performed to ensure this value doesn't overflow, and could lead to CreateHob() returning a smaller HOB than requested, which could lead to OOB HOB accesses.

---

MmSupervisorPkg/BaseLibSysCall/BaseLib: Update override

The change that occurred in MdePkg/Library/BaseLib only affected AARCH64 which does not exist in the instance in MmSupervisorPkg.

So, this change simply updates the override hash to the new value.

---

• [x] Impacts functionality?
  • Functionality - Does the change ultimately impact how firmware functions?
  • Examples: Add a new library, publish a new PPI, update an algorithm, ...
• [x] Impacts security?
  • Security - Does the change have a direct security impact on an application, flow, or firmware?
  • Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
• [ ] Breaking change?
  • Breaking change - Will anyone consuming this change experience a break in build or boot behavior?
  • Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
• [ ] Includes tests?
  • Tests - Does the change include any explicit test code?
  • Examples: Unit tests, integration tests, robot tests, ...
• [ ] Includes documentation?
  • Documentation - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
  • Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ...

How This Was Tested

• MmSupervisorPkg CI.
• Upstream validation.
• Boot on QEMU.

Integration Instructions

N/A

[makubacki]

@kuqin12 I'd like to get in this PR before (https://github.com/microsoft/mu_feature_mm_supv/pull/209) to have a final point in the main branch that builds against release/2023002 repos with the security patch included.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (e0c16a8) 0.46% compared to head (64de679) 0.46%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #222 +/- ## ======================================== - Coverage 0.46% 0.46% -0.01% ======================================== Files 142 142 Lines 22465 22467 +2 Branches 59 59 ======================================== Hits 105 105 - Misses 22355 22357 +2 Partials 5 5 ``` | [Flag](https://app.codecov.io/gh/microsoft/mu_feature_mm_supv/pull/222/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=microsoft) | Coverage Δ | | |---|---|---| | [MmSupervisorPkg](https://app.codecov.io/gh/microsoft/mu_feature_mm_supv/pull/222/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=microsoft) | `0.46% <ø> (-0.01%)` | :arrow_down: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=microsoft#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.