CVE-2022-36765
EUVD-2022-39465
09.01.2024, 16:15
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tianocore | edk2 | 𝑥 ≤ 202311 |
𝑥 = Vulnerable software versions
openSUSE / SLES Releases
| openSUSE Product |
|---|
| ovmf-202202 |
| ovmf-202208 |
| ovmf-202308 |
| ovmf-tools-202202 |
| ovmf-tools-202208 |
| ovmf-tools-202308 |
| qemu-ovmf-x86_64-202202 |
| qemu-ovmf-x86_64-202208 |
| qemu-ovmf-x86_64-202308 |
| qemu-uefi-aarch64-202202 |
| qemu-uefi-aarch64-202208 |
| qemu-uefi-aarch64-202308 |
Common Weakness Enumeration
- CWE-680 - Integer Overflow to Buffer Overflow: The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.