Bug ID 1218678
Summary VUL-0: CVE-2022-36763: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of co ...
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.6
Hardware Other
URL https://smash.suse.de/issue/390488/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee guillaume.gardet@opensuse.org
Reporter smash_bz@suse.de
QA Contact security-team@suse.de
CC stoyan.manolov@suse.com
Target Milestone ---
Found By Security Response Team
Blocker ---

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function,
allowing a user to trigger a heap buffer overflow via a local network.
Successful exploitation of this vulnerability may result in a compromise of
confidentiality, integrity, and/or availability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36763
https://www.cve.org/CVERecord?id=CVE-2022-36763
https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr


You are receiving this mail because: