[Bug 1218680] New: VUL-0: CVE-2022-36765: EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise ...
https://bugzilla.suse.com/show_bug.cgi?id=1218680

Bug ID: 1218680
Summary: VUL-0: CVE-2022-36765: EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise ...
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
URL: https://smash.suse.de/issue/390490/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: guillaume.gardet@opensuse.org
Reporter: smash_bz@suse.de
QA Contact: security-team@suse.de
CC: stoyan.manolov@suse.com
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36765
https://www.cve.org/CVERecord?id=CVE-2022-36765
https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx

--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1218680

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

What     | Removed   | Added
---------+-----------+------------
Priority | P5 - None | P3 - Medium
https://bugzilla.suse.com/show_bug.cgi?id=1218680

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What | Removed | Added
-----+---------+--------------
CC   |         | jlee@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1218680

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What  | Removed | Added
------+---------+-------------------------
Flags |         | needinfo?(jlee@suse.com)
https://bugzilla.suse.com/show_bug.cgi?id=1218680
https://bugzilla.suse.com/show_bug.cgi?id=1218680#c2

--- Comment #2 from Joey Lee <jlee@suse.com> ---
(In reply to SMASH SMASH from comment #0)
> EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
>
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36765
> https://www.cve.org/CVERecord?id=CVE-2022-36765
> https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx

Upstream experts are still working on the patch in the above EDK2 bug. I will backport it when the patch is merged to edk2 mainline.
https://bugzilla.suse.com/show_bug.cgi?id=1218680
https://bugzilla.suse.com/show_bug.cgi?id=1218680#c3

--- Comment #3 from Joey Lee <jlee@suse.com> ---
Actually, this CVE is NOT easy to be used because it's in PEI stage:

Integer Overflow in CreateHob() could lead to HOB OOB R/W
https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx

Impact
Exploitability here seems tricky, as an attacker would need to trigger this vulnerability in the PEI phase. On the other hand, the number of calls to this function is fairly high.
https://bugzilla.suse.com/show_bug.cgi?id=1218680

SMASH SMASH <smash_bz@suse.de> changed:

What       | Removed | Added
-----------+---------+------------------------------------------------------------------------
Whiteboard |         | CVSSv3.1:SUSE:CVE-2022-36765:7.0:(AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H)
https://bugzilla.suse.com/show_bug.cgi?id=1218680

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What     | Removed                       | Added
---------+-------------------------------+--------------
Assignee | guillaume.gardet@opensuse.org | jlee@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1218680

Marcus Meissner <meissner@suse.com> changed:

What | Removed | Added
-----+---------+------------------
CC   |         | meissner@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1218680

Marcus Meissner <meissner@suse.com> changed:

What: Summary
Removed: VUL-0: CVE-2022-36765: EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise ...
Added: VUL-0: CVE-2022-36765: ovmf,EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise