Version in base suite: 2025.02-8

Base version: edk2_2025.02-8
Target version: edk2_2025.02-8+deb13u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/e/edk2/edk2_2025.02-8.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/e/edk2/edk2_2025.02-8+deb13u1.dsc

 changelog                                                               |   12 +
 patches/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch |  120 ++++++++++
 patches/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch |   73 ++++++
 patches/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch |   45 +++
 patches/series                                                          |    3 
 5 files changed, 253 insertions(+)

dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp9h4g6rzm/edk2_2025.02-8.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp9h4g6rzm/edk2_2025.02-8+deb13u1.dsc: no acceptable signature found
diff: /srv/release.debian.org/tmp/uv7wEkL0HS/edk2-2025.02/EmulatorPkg/Unix/Host/X11IncludeHack: No such file or directory
diff: /srv/release.debian.org/tmp/DyuqgCPBaG/edk2-2025.02/EmulatorPkg/Unix/Host/X11IncludeHack: No such file or directory
diff -Nru edk2-2025.02/debian/changelog edk2-2025.02/debian/changelog
--- edk2-2025.02/debian/changelog	2025-05-13 02:18:11.000000000 +0000
+++ edk2-2025.02/debian/changelog	2025-11-08 18:06:17.000000000 +0000
@@ -1,3 +1,15 @@
+edk2 (2025.02-8+deb13u1) trixie; urgency=medium
+
+  * Cherry-pick openssl fix for timing side-channel in ECDSA signature
+    computation, CVE-2024-13176.
+    - d/p/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
+  * Fix out-of-bounds memory access in NetworkPkg/IScsiDxe, CVE-2024-38805.
+    - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch
+  * Safe handling of IDT register on SMM entry, CVE-2025-3770.
+    - d/p/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch
+
+ -- dann frazier <dannf@debian.org>  Sat, 08 Nov 2025 11:06:17 -0700
+
 edk2 (2025.02-8) unstable; urgency=medium
 
   * ovmf, ovmf-ia32, qemu-efi-aarch64: Uninstall the EFI_MEMORY_ATTRIBUTE
diff -Nru edk2-2025.02/debian/patches/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch edk2-2025.02/debian/patches/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
--- edk2-2025.02/debian/patches/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch	1970-01-01 00:00:00.000000000 +0000
+++ edk2-2025.02/debian/patches/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch	2025-11-08 18:06:17.000000000 +0000
@@ -0,0 +1,120 @@
+From 63c40a66c5dc287485705d06122d3a6e74a6a203 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Wed, 15 Jan 2025 18:27:02 +0100
+Subject: [PATCH] Fix timing side-channel in ECDSA signature computation
+
+There is a timing signal of around 300 nanoseconds when the top word of
+the inverted ECDSA nonce value is zero. This can happen with significant
+probability only for some of the supported elliptic curves. In particular
+the NIST P-521 curve is affected. To be able to measure this leak, the
+attacker process must either be located in the same physical computer or
+must have a very fast network connection with low latency.
+
+Attacks on ECDSA nonce are also known as Minerva attack.
+
+Fixes CVE-2024-13176
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/26429)
+
+Origin: https://github.com/openssl/openssl/commit/63c40a66c5dc287485705d06122d3a6e74a6a203
+Last-Updated: 2025-05-14
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c
+index b876edbfac..af52e2ced6 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_exp.c
+@@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+  * out by Colin Percival,
+  * http://www.daemonology.net/hyperthreading-considered-harmful/)
+  */
+-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                               const BIGNUM *m, BN_CTX *ctx,
+                               BN_MONT_CTX *in_mont)
+ {
+@@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+     unsigned int t4 = 0;
+ #endif
+ 
+-    bn_check_top(a);
+-    bn_check_top(p);
+-    bn_check_top(m);
+-
+     if (!BN_is_odd(m)) {
+         ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
+         return 0;
+@@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+             goto err;
+     } else
+ #endif
+-    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
++    if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx))
+         goto err;
+     ret = 1;
+  err:
+@@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+     return ret;
+ }
+ 
++int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++                              const BIGNUM *m, BN_CTX *ctx,
++                              BN_MONT_CTX *in_mont)
++{
++    bn_check_top(a);
++    bn_check_top(p);
++    bn_check_top(m);
++    if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont))
++        return 0;
++    bn_correct_top(rr);
++    return 1;
++}
++
+ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c
+index 19384eba18..3f8d65c1bf 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_lib.c
+@@ -21,6 +21,7 @@
+ #include <openssl/opensslv.h>
+ #include <openssl/param_build.h>
+ #include "crypto/ec.h"
++#include "crypto/bn.h"
+ #include "internal/nelem.h"
+ #include "ec_local.h"
+ 
+@@ -1265,10 +1266,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
+     if (!BN_sub(e, group->order, e))
+         goto err;
+     /*-
+-     * Exponent e is public.
+-     * No need for scatter-gather or BN_FLG_CONSTTIME.
++     * Although the exponent is public we want the result to be
++     * fixed top.
+      */
+-    if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
++    if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data))
+         goto err;
+ 
+     ret = 1;
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h b/CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h
+index 47d9b44f87..bdee28625c 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h
++++ b/CryptoPkg/Library/OpensslLib/openssl/include/crypto/bn.h
+@@ -73,6 +73,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+  */
+ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                           BN_MONT_CTX *mont, BN_CTX *ctx);
++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++                              const BIGNUM *m, BN_CTX *ctx,
++                              BN_MONT_CTX *in_mont);
+ int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                          BN_CTX *ctx);
+ int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+-- 
+2.49.0
+
diff -Nru edk2-2025.02/debian/patches/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch edk2-2025.02/debian/patches/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch
--- edk2-2025.02/debian/patches/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch	1970-01-01 00:00:00.000000000 +0000
+++ edk2-2025.02/debian/patches/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch	2025-11-08 18:06:17.000000000 +0000
@@ -0,0 +1,73 @@
+From b3a2f7ff24e156e8c4d694fffff01e95a048c536 Mon Sep 17 00:00:00 2001
+From: Santhosh Kumar V <santhoshkumarv@ami.com>
+Date: Wed, 7 May 2025 18:53:30 +0530
+Subject: [PATCH] NetworkPkg/IScsiDxe:Fix for out of bound memory access for
+ bz4207 (CVE-2024-38805)
+
+In IScsiBuildKeyValueList, check if we have any data left (Len > 0) before advancing the Data pointer and reducing Len.
+Avoids wrapping Len. Also Used SafeUint32SubSafeUint32Sub call to reduce the Len .
+
+Signed-off-by: santhosh kumar V <santhoshkumarv@ami.com>
+
+Origin: https://github.com/tianocore/edk2/commit/b3a2f7ff24e156e8c4d694fffff01e95a048c536
+Last-Updated: 2025-05-15
+
+diff --git a/NetworkPkg/IScsiDxe/IScsiProto.c b/NetworkPkg/IScsiDxe/IScsiProto.c
+index fb48e6304d..13394dbfc6 100644
+--- a/NetworkPkg/IScsiDxe/IScsiProto.c
++++ b/NetworkPkg/IScsiDxe/IScsiProto.c
+@@ -1880,6 +1880,8 @@ IScsiBuildKeyValueList (
+ {
+   LIST_ENTRY            *ListHead;
+   ISCSI_KEY_VALUE_PAIR  *KeyValuePair;
++  EFI_STATUS            Status;
++  UINT32                Result;
+ 
+   ListHead = AllocatePool (sizeof (LIST_ENTRY));
+   if (ListHead == NULL) {
+@@ -1903,9 +1905,14 @@ IScsiBuildKeyValueList (
+       Data++;
+     }
+ 
+-    if (*Data == '=') {
++    // Here Len must not be zero.
++    // The value of Len is size of data buffer. Actually, Data is make up of strings.
++    // AuthMethod=None\0TargetAlias=LIO Target\0 TargetPortalGroupTag=1\0
++    // (1) Len == 0, *Data != '=' goto ON_ERROR
++    // (2) *Data == '=', Len != 0 normal case.
++    // (3) *Data == '=', Len == 0, Between Data and Len are mismatch, Len isn't all size of data, as error.
++    if ((Len > 0) && (*Data == '=')) {
+       *Data = '\0';
+-
+       Data++;
+       Len--;
+     } else {
+@@ -1915,10 +1922,22 @@ IScsiBuildKeyValueList (
+ 
+     KeyValuePair->Value = Data;
+ 
+-    InsertTailList (ListHead, &KeyValuePair->List);
++    Status = SafeUint32Add ((UINT32)AsciiStrLen (KeyValuePair->Value), 1, &Result);
++    if (EFI_ERROR (Status)) {
++      DEBUG ((DEBUG_ERROR, "%a Memory Overflow is Detected.\n", __func__));
++      FreePool (KeyValuePair);
++      goto ON_ERROR;
++    }
+ 
+-    Data += AsciiStrLen (KeyValuePair->Value) + 1;
+-    Len  -= (UINT32)AsciiStrLen (KeyValuePair->Value) + 1;
++    Status = SafeUint32Sub (Len, Result, &Len);
++    if (EFI_ERROR (Status)) {
++      DEBUG ((DEBUG_ERROR, "%a Out of bound memory access Detected.\n", __func__));
++      FreePool (KeyValuePair);
++      goto ON_ERROR;
++    }
++
++    InsertTailList (ListHead, &KeyValuePair->List);
++    Data += Result;
+   }
+ 
+   return ListHead;
+-- 
+2.49.0
+
diff -Nru edk2-2025.02/debian/patches/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch edk2-2025.02/debian/patches/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch
--- edk2-2025.02/debian/patches/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch	1970-01-01 00:00:00.000000000 +0000
+++ edk2-2025.02/debian/patches/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch	2025-11-08 18:06:17.000000000 +0000
@@ -0,0 +1,45 @@
+From d2d8d38ee08c5e602fb092f940dfecc1f5a4eb38 Mon Sep 17 00:00:00 2001
+From: John Mathews <john.mathews@intel.com>
+Date: Fri, 30 May 2025 11:06:49 -0700
+Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Safe handling of IDT register on
+ SMM entry
+
+Mitigates CVE-2025-3770
+
+Do not assume that IDT.limit is loaded with a zero value upon SMM entry.
+Delay enabling Machine Check Exceptions in SMM until after the SMM IDT
+has been reloaded.
+
+Signed-off-by: John Mathews <john.mathews@intel.com>
+
+Origin: https://github.com/tianocore/edk2/commit/d2d8d38ee08c5e602fb092f940dfecc1f5a4eb38
+Last-Updated: 2025-08-18
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533
+
+diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+index 644366ba19..6e1cd45c04 100644
+--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
++++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+@@ -113,7 +113,7 @@ ProtFlatMode:
+     mov eax, strict dword 0               ; source operand will be patched
+ ASM_PFX(gPatchSmiCr3):
+     mov     cr3, rax
+-    mov     eax, 0x668                   ; as cr4.PGE is not set here, refresh cr3
++    mov     eax, 0x628                   ; as cr4.PGE is not set here, refresh cr3
+ 
+     mov     cl, strict byte 0            ; source operand will be patched
+ ASM_PFX(gPatch5LevelPagingNeeded):
+@@ -204,6 +204,10 @@ SmiHandlerIdtrAbsAddr:
+     mov     ax, [rbx + DSC_SS]
+     mov     ss, eax
+ 
++    mov     rax, cr4                    ; enable MCE
++    bts     rax, 6
++    mov     cr4, rax
++
+     mov     rbx, [rsp + 0x8]             ; rbx <- CpuIndex
+ 
+ ; enable CET if supported
+-- 
+2.47.2
+
diff -Nru edk2-2025.02/debian/patches/series edk2-2025.02/debian/patches/series
--- edk2-2025.02/debian/patches/series	2025-05-13 02:18:11.000000000 +0000
+++ edk2-2025.02/debian/patches/series	2025-11-08 18:06:17.000000000 +0000
@@ -9,3 +9,6 @@
 0002-SecurityPkg-Improving-HashPeImageByType-logic.patch
 0003-SecurityPkg-Improving-SecureBootConfigImpl-HashPeIma.patch
 0004-SecurityPkg-Update-SecurityFixes.yaml-for-CVE-2024-3.patch
+0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
+0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch
+0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch