[Bug 1218678] New: VUL-0: CVE-2022-36763: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of co ...
https://bugzilla.suse.com/show_bug.cgi?id=1218678

Bug ID: 1218678
Summary: VUL-0: CVE-2022-36763: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of co ...
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
URL: https://smash.suse.de/issue/390488/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: guillaume.gardet@opensuse.org
Reporter: smash_bz@suse.de
QA Contact: security-team@suse.de
CC: stoyan.manolov@suse.com
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36763
https://www.cve.org/CVERecord?id=CVE-2022-36763
https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr

--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1218678

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

What     |Removed   |Added
----------------------------------------------------------------------------
Priority |P5 - None |P3 - Medium
https://bugzilla.suse.com/show_bug.cgi?id=1218678

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |jlee@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1218678

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What  |Removed |Added
----------------------------------------------------------------------------
Flags |        |needinfo?(jlee@suse.com)
https://bugzilla.suse.com/show_bug.cgi?id=1218678
https://bugzilla.suse.com/show_bug.cgi?id=1218678#c2

--- Comment #2 from Joey Lee <jlee@suse.com> ---
(In reply to SMASH SMASH from comment #0)
> EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
>
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36763
> https://www.cve.org/CVERecord?id=CVE-2022-36763
> https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr

I will backport the patch in the above edk2 bug after it is merged to edk2 mainline.
https://bugzilla.suse.com/show_bug.cgi?id=1218678

SMASH SMASH <smash_bz@suse.de> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Whiteboard |        |CVSSv3.1:SUSE:CVE-2022-36763:7.0:(AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H)
https://bugzilla.suse.com/show_bug.cgi?id=1218678
https://bugzilla.suse.com/show_bug.cgi?id=1218678#c3

--- Comment #3 from Joey Lee <jlee@suse.com> ---
(In reply to Joey Lee from comment #2)
> (In reply to SMASH SMASH from comment #0)
> > EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
> >
> > References:
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36763
> > https://www.cve.org/CVERecord?id=CVE-2022-36763
> > https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
>
> I will backport the patch in the above edk2 bug after it is merged to edk2 mainline.

Those patches have been merged to edk2 mainline. I will backport them.
https://bugzilla.suse.com/show_bug.cgi?id=1218678

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What     |Removed                       |Added
----------------------------------------------------------------------------
Assignee |guillaume.gardet@opensuse.org |jlee@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1218678
https://bugzilla.suse.com/show_bug.cgi?id=1218678#c5

--- Comment #5 from Joey Lee <jlee@suse.com> ---
commit 1ddcb9fc6b4164e882687b031e8beacfcf7df29e [edk2-stable202402]
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Date:   Fri Jan 12 02:16:03 2024 +0800

    SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml

commit 4776a1b39ee08fc45c70c1eab5a0195f325000d3 [edk2-stable202402]
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Date:   Fri Jan 12 02:16:02 2024 +0800

    SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763

commit 224446543206450ddb5830e6abd026d61d3c7f4b [edk2-stable202402]
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Date:   Fri Jan 12 02:16:01 2024 +0800

    SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763
https://bugzilla.suse.com/show_bug.cgi?id=1218678
https://bugzilla.suse.com/show_bug.cgi?id=1218678#c6

--- Comment #6 from Joey Lee <jlee@suse.com> ---
commit 264636d8e6983e0f6dc6be2fca9d84ec81315954
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:22 2024 -0800

    SecurityPkg: : Updating SecurityFixes.yaml after symbol rename

commit 326db0c9072004dea89427ea3a44393a84966f2b
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:21 2024 -0800

    SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename

commit 40adbb7f628dee79156c679fb0857968b61b7620
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:20 2024 -0800

    SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename
https://bugzilla.suse.com/show_bug.cgi?id=1218678
https://bugzilla.suse.com/show_bug.cgi?id=1218678#c7

Joey Lee <jlee@suse.com> changed:

What  |Removed                  |Added
----------------------------------------------------------------------------
Flags |needinfo?(jlee@suse.com) |

--- Comment #7 from Joey Lee <jlee@suse.com> ---
Backported patches have been submitted to 15-SP6 and are waiting to be merged:

https://build.suse.de/request/show/329676
https://bugzilla.suse.com/show_bug.cgi?id=1218678

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

What   |Removed |Added
----------------------------------------------------------------------------
Status |NEW     |IN_PROGRESS
https://bugzilla.suse.com/show_bug.cgi?id=1218678
https://bugzilla.suse.com/show_bug.cgi?id=1218678#c10

--- Comment #10 from Joey Lee <jlee@suse.com> ---
(In reply to Joey Lee from comment #7)
> Backported patches have been submitted to 15-SP6 and are waiting to be merged:

The backported patch has been merged to 15-SP6/ovmf.