Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2022-36764: ovmf,EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Joey Lee <jlee> |
| Status: | IN_PROGRESS --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | jlee, meissner, stoyan.manolov |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/390489/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2022-36764:7.0:(AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Description
SMASH SMASH
2024-01-10 05:27:03 UTC
(In reply to SMASH SMASH from comment #0)
> EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function,
> allowing a user to trigger a heap buffer overflow via a local network.
> Successful exploitation of this vulnerability may result in a compromise of
> confidentiality, integrity, and/or availability.
>
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36764
> https://www.cve.org/CVERecord?id=CVE-2022-36764
> https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j

The patch in the above edk2 bug is still under review. I will backport the patch after it is merged to edk2 mainline.

(In reply to Joey Lee from comment #2)
> (In reply to SMASH SMASH from comment #0)
> > EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function,
> > allowing a user to trigger a heap buffer overflow via a local network.
> > Successful exploitation of this vulnerability may result in a compromise of
> > confidentiality, integrity, and/or availability.
> >
> > References:
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36764
> > https://www.cve.org/CVERecord?id=CVE-2022-36764
> > https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j
>
> The patch in the above edk2 bug is still under review. I will backport
> the patch after it is merged to edk2 mainline.

Those patches have been merged to edk2 mainline. I will backport them.
commit 8f6d343ae639fba8e4b80e45257275e23083431f [edk2-stable202402]
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Date:   Fri Jan 12 02:16:06 2024 +0800

    SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml

commit 0d341c01eeabe0ab5e76693b36e728b8f538a40e [edk2-stable202402]
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Date:   Fri Jan 12 02:16:05 2024 +0800

    SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764

commit c7b27944218130cca3bbb20314ba5b88b5de4aa4 [edk2-stable202402]
Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Date:   Fri Jan 12 02:16:04 2024 +0800

    SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764

commit 264636d8e6983e0f6dc6be2fca9d84ec81315954
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:22 2024 -0800

    SecurityPkg: : Updating SecurityFixes.yaml after symbol rename

commit 326db0c9072004dea89427ea3a44393a84966f2b
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:21 2024 -0800

    SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename

commit 40adbb7f628dee79156c679fb0857968b61b7620
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:20 2024 -0800

    SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename

Backported patches have been submitted to 15-SP6 and are waiting to be merged:

https://build.suse.de/request/show/329676

(In reply to Joey Lee from comment #7)
> Backported patches have been submitted to 15-SP6 and are waiting to be merged:
>
> https://build.suse.de/request/show/329676

Backported patch has been merged to 15-SP6/ovmf