[Bug 1218680] VUL-0: CVE-2022-36765: EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise ...

https://bugzilla.suse.com/show_bug.cgi?id=1218680 https://bugzilla.suse.com/show_bug.cgi?id=1218680#c3 --- Comment #3 from Joey Lee <jlee@suse.com> --- Actually, this CVE is NOT easy to be used because it's in PEI stage: Integer Overflow in CreateHob() could lead to HOB OOB R/W https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx Impact Exploitability here seems tricky, as an attacker would need to trigger this vulnerability in the PEI phase. On the other hand, the number of calls to this function is fairly high. -- You are receiving this mail because: You are on the CC list for the bug.