[Bug 1218679] New: VUL-0: CVE-2022-36764: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of con ...
https://bugzilla.suse.com/show_bug.cgi?id=1218679

Bug ID: 1218679
Summary: VUL-0: CVE-2022-36764: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of con ...
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
URL: https://smash.suse.de/issue/390489/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: guillaume.gardet@opensuse.org
Reporter: smash_bz@suse.de
QA Contact: security-team@suse.de
CC: stoyan.manolov@suse.com
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36764
https://www.cve.org/CVERecord?id=CVE-2022-36764
https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1218679

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

What     | Removed   | Added
----------------------------------------------------------------------------
Priority | P5 - None | P3 - Medium

https://bugzilla.suse.com/show_bug.cgi?id=1218679

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What | Removed | Added
----------------------------------------------------------------------------
CC   |         | jlee@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1218679

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What  | Removed | Added
----------------------------------------------------------------------------
Flags |         | needinfo?(jlee@suse.com)

https://bugzilla.suse.com/show_bug.cgi?id=1218679
https://bugzilla.suse.com/show_bug.cgi?id=1218679#c2

--- Comment #2 from Joey Lee <jlee@suse.com> ---
(In reply to SMASH SMASH from comment #0)
> EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
>
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36764
> https://www.cve.org/CVERecord?id=CVE-2022-36764
> https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j

The patch in the above edk2 bug is still under review. I will backport the patch after it is merged to edk2 mainline.

https://bugzilla.suse.com/show_bug.cgi?id=1218679

SMASH SMASH <smash_bz@suse.de> changed:

What       | Removed | Added
----------------------------------------------------------------------------
Whiteboard |         | CVSSv3.1:SUSE:CVE-2022-36764:7.0:(AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H)

https://bugzilla.suse.com/show_bug.cgi?id=1218679
https://bugzilla.suse.com/show_bug.cgi?id=1218679#c3

--- Comment #3 from Joey Lee <jlee@suse.com> ---
(In reply to Joey Lee from comment #2)
> (In reply to SMASH SMASH from comment #0)
> > EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
> >
> > References:
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36764
> > https://www.cve.org/CVERecord?id=CVE-2022-36764
> > https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j
>
> The patch in the above edk2 bug is still under review. I will backport the patch after it is merged to edk2 mainline.

Those patches have been merged to edk2 mainline. I will backport them.

https://bugzilla.suse.com/show_bug.cgi?id=1218679

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What     | Removed                       | Added
----------------------------------------------------------------------------
Assignee | guillaume.gardet@opensuse.org | jlee@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1218679
https://bugzilla.suse.com/show_bug.cgi?id=1218679#c5

--- Comment #5 from Joey Lee <jlee@suse.com> ---
commit 8f6d343ae639fba8e4b80e45257275e23083431f [edk2-stable202402]
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Date:   Fri Jan 12 02:16:06 2024 +0800

    SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml

commit 0d341c01eeabe0ab5e76693b36e728b8f538a40e [edk2-stable202402]
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Date:   Fri Jan 12 02:16:05 2024 +0800

    SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764

commit c7b27944218130cca3bbb20314ba5b88b5de4aa4 [edk2-stable202402]
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Date:   Fri Jan 12 02:16:04 2024 +0800

    SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764

https://bugzilla.suse.com/show_bug.cgi?id=1218679
https://bugzilla.suse.com/show_bug.cgi?id=1218679#c6

--- Comment #6 from Joey Lee <jlee@suse.com> ---
commit 264636d8e6983e0f6dc6be2fca9d84ec81315954
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:22 2024 -0800

    SecurityPkg: : Updating SecurityFixes.yaml after symbol rename

commit 326db0c9072004dea89427ea3a44393a84966f2b
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:21 2024 -0800

    SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename

commit 40adbb7f628dee79156c679fb0857968b61b7620
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:20 2024 -0800

    SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename

https://bugzilla.suse.com/show_bug.cgi?id=1218679
https://bugzilla.suse.com/show_bug.cgi?id=1218679#c7

Joey Lee <jlee@suse.com> changed:

What  | Removed                  | Added
----------------------------------------------------------------------------
Flags | needinfo?(jlee@suse.com) |

--- Comment #7 from Joey Lee <jlee@suse.com> ---
Backported patches have been submitted to 15-SP6 and are waiting to be merged:
https://build.suse.de/request/show/329676

https://bugzilla.suse.com/show_bug.cgi?id=1218679

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

What   | Removed | Added
----------------------------------------------------------------------------
Status | NEW     | IN_PROGRESS

https://bugzilla.suse.com/show_bug.cgi?id=1218679
https://bugzilla.suse.com/show_bug.cgi?id=1218679#c10

--- Comment #10 from Joey Lee <jlee@suse.com> ---
(In reply to Joey Lee from comment #7)
> Backported patches have been submitted to 15-SP6 and are waiting to be merged:

Backported patch has been merged to 15-SP6/ovmf

https://bugzilla.suse.com/show_bug.cgi?id=1218679

Marcus Meissner <meissner@suse.com> changed:

What | Removed | Added
----------------------------------------------------------------------------
CC   |         | meissner@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1218679

Marcus Meissner <meissner@suse.com> changed:

What: Summary
Removed: VUL-0: CVE-2022-36764: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of con ...
Added: VUL-0: CVE-2022-36764: ovmf,EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise