[AutoPR- Security] Patch edk2 for CVE-2025-3770 [MEDIUM] (#14473)

azurelinux-security · kgodara912 · web-flow · commit 5671f8ff8852 · 2025-08-22T22:22:48.000+05:30
Co-authored-by: kgodara912 &lt;kshigodara@outlook.com&gt;
diff --git a/SPECS/edk2/CVE-2025-3770.patch b/SPECS/edk2/CVE-2025-3770.patch
@@ -0,0 +1,46 @@
+From bbbab1679f5d9ea5f883219d5cde810cf60b1273 Mon Sep 17 00:00:00 2001
+From: John Mathews <john.mathews@intel.com>
+Date: Fri, 30 May 2025 11:06:49 -0700
+Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Safe handling of IDT register on
+ SMM entry
+
+Mitigates CVE-2025-3770
+
+Do not assume that IDT.limit is loaded with a zero value upon SMM entry.
+Delay enabling Machine Check Exceptions in SMM until after the SMM IDT
+has been reloaded.
+
+Signed-off-by: John Mathews <john.mathews@intel.com>
+Signed-off-by: rpm-build <rpm-build>
+Upstream-reference: https://github.com/tianocore/edk2/commit/d2d8d38ee08c5e602fb092f940dfecc1f5a4eb38.patch
+---
+ UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+index d302ca8..d797f09 100644
+--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
++++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+@@ -126,7 +126,7 @@ ProtFlatMode:
+     mov eax, strict dword 0               ; source operand will be patched
+ ASM_PFX(gPatchSmiCr3):
+     mov     cr3, rax
+-    mov     eax, 0x668                   ; as cr4.PGE is not set here, refresh cr3
++    mov     eax, 0x628                   ; as cr4.PGE is not set here, refresh cr3
+ 
+     mov     cl, strict byte 0            ; source operand will be patched
+ ASM_PFX(gPatch5LevelPagingNeeded):
+@@ -217,6 +217,10 @@ SmiHandlerIdtrAbsAddr:
+     mov     ax, [rbx + DSC_SS]
+     mov     ss, eax
+ 
++    mov     rax, cr4                    ; enable MCE
++    bts     rax, 6
++    mov     cr4, rax
++
+     mov     rbx, [rsp + 0x8]             ; rbx <- CpuIndex
+ 
+ ; enable CET if supported
+-- 
+2.45.4
+
diff --git a/SPECS/edk2/edk2.spec b/SPECS/edk2/edk2.spec
@@ -45,7 +45,7 @@ ExclusiveArch: x86_64
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    42%{?dist}
+Release:    43%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and OpenSSL and MIT
 URL:        http://www.tianocore.org
@@ -132,6 +132,7 @@ Patch1003: CVE-2023-2650.patch
 Patch1004: improve-safety-of-DH.patch
 Patch1005: vendored-openssl-1.1.1-Only-free-the-read-buffers-if-we-re-not-using-them.patch
 Patch1006: CVE-2022-4304.patch
+Patch1007: CVE-2025-3770.patch
 
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@@ -715,6 +716,9 @@ $tests_ok
 
 
 %changelog
+* Mon Aug 11 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 20230301gitf80f052277c8-43
+- Patch for CVE-2025-3770
+
 * Fri May 02 2025 Ankita Pareek <ankitapareek@microsoft.com> - 20230301gitf80f052277c8-42
 - Add patch for CVE-2024-38796 CVE-2023-45229, CVE-2023-45231, CVE-2022-4304
 
