Bug 1218680 (CVE-2022-36765) - VUL-0: CVE-2022-36765: ovmf,EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise
Status: NEW
Alias: CVE-2022-36765
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assignee: Joey Lee
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/390490/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-36765:7.0:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-10 05:27 UTC by SMASH SMASH
Modified: 2024-05-17 11:24 UTC
CC: 3 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Flags: stoyan.manolov: needinfo? (jlee)


Description SMASH SMASH 2024-01-10 05:27:26 UTC
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36765
https://www.cve.org/CVERecord?id=CVE-2022-36765
https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx
Comment 2 Joey Lee 2024-01-12 04:51:06 UTC
(In reply to SMASH SMASH from comment #0)
> EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing
> a user to trigger a integer overflow to buffer overflow via a local network.
> Successful exploitation of this vulnerability may result in a compromise of
> confidentiality, integrity, and/or availability.
> 
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36765
> https://www.cve.org/CVERecord?id=CVE-2022-36765
> https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx

Upstream experts are still working on the patch in the above EDK2 advisory. I will backport it once the patch is merged into edk2 mainline.
Comment 3 Joey Lee 2024-01-12 04:59:00 UTC
Actually, this CVE is NOT easy to exploit because it is in the PEI stage:

Integer Overflow in CreateHob() could lead to HOB OOB R/W
https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx

Impact
Exploitability here seems tricky, as an attacker would need to trigger this vulnerability in the PEI phase.
On the other hand, the number of calls to this function is fairly high.
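The arithmetic behind the advisory title, as an added example that is not part of this bug report or of edk2: a small model of a PEI HOB allocator that rounds a 16-bit HOB length up to a multiple of 8 the way CreateHob() does, so that lengths from 0xFFF9 to 0xFFFF wrap to 0, the free-space check passes for a zero-byte reservation, and a caller that then fills in the full requested length writes past the HOB list. The status codes, arena size and the guard in CreateHobFixed() are simplifications and assumptions made for this illustration; the guard models the general pattern of rejecting a length before the rounding can wrap, not the exact upstream patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not edk2 code: a minimal model of a PEI-phase HOB
 * allocator. It shows why rounding a 16-bit length up to 8 bytes is
 * unsafe for lengths near 0xFFFF, and one way to guard it.
 */

/* Simplified status codes (the real EFI_STATUS encodings differ). */
#define EFI_SUCCESS            0
#define EFI_INVALID_PARAMETER  2
#define EFI_OUT_OF_RESOURCES   9

/* Same layout as EFI_HOB_GENERIC_HEADER: type, length, reserved (8 bytes). */
typedef struct {
    uint16_t HobType;
    uint16_t HobLength;
    uint32_t Reserved;
} HobHeader;

/* Toy HOB list arena standing in for the PEI free memory window (assumed size). */
#define ARENA_SIZE 4096
static uint8_t Arena[ARENA_SIZE];
static size_t  ArenaUsed;

void ResetArena(void) { ArenaUsed = 0; }

/* The rounding as the unfixed code computes it: Length + 7 is evaluated
 * as int, masked to a multiple of 8, then truncated to 16 bits, so
 * 0xFFF9..0xFFFF all become 0 and 0xFFF1..0xFFF8 become 0xFFF8. */
uint16_t RoundedHobLength(uint16_t Length) {
    return (uint16_t)((Length + 0x7) & (~0x7));
}

/* Unfixed model: the only size check compares free space against the
 * already-wrapped HobLength. With HobLength 0 the 8-byte header is still
 * stored, but nothing is reserved, so the next HOB (and any payload the
 * caller copies after the header) lands on top of it. *Reserved reports
 * how many bytes were actually set aside. */
int CreateHobUnfixed(uint16_t Type, uint16_t Length, HobHeader **Hob, size_t *Reserved) {
    uint16_t HobLength = RoundedHobLength(Length);
    if (ARENA_SIZE - ArenaUsed < HobLength) {
        return EFI_OUT_OF_RESOURCES;
    }
    HobHeader *Header = (HobHeader *)(Arena + ArenaUsed);
    Header->HobType   = Type;
    Header->HobLength = HobLength;
    Header->Reserved  = 0;
    ArenaUsed += HobLength;
    *Hob      = Header;
    *Reserved = HobLength;
    return EFI_SUCCESS;
}

/* Fixed model (assumed guard): refuse any Length whose rounded value cannot
 * be represented in 16 bits, before the arithmetic is done. */
int CreateHobFixed(uint16_t Type, uint16_t Length, HobHeader **Hob, size_t *Reserved) {
    if (Length > UINT16_MAX - 0x7) {
        return EFI_INVALID_PARAMETER;
    }
    return CreateHobUnfixed(Type, Length, Hob, Reserved);
}

/* Bytes a caller would write beyond its reservation when it fills in the
 * whole HOB (Length covers header plus payload). 0 means it stays inside. */
size_t PayloadOverrun(uint16_t Length, size_t Reserved) {
    return Length > Reserved ? Length - Reserved : 0;
}

/* Demo helpers: fresh arena, one allocation with either model. */
int StatusFor(uint16_t Length, int UseFixed) {
    HobHeader *Hob = NULL;
    size_t Reserved = 0;
    ResetArena();
    return UseFixed ? CreateHobFixed(0x0004, Length, &Hob, &Reserved)
                    : CreateHobUnfixed(0x0004, Length, &Hob, &Reserved);
}

size_t OverrunFor(uint16_t Length, int UseFixed) {
    HobHeader *Hob = NULL;
    size_t Reserved = 0;
    ResetArena();
    int Status = UseFixed ? CreateHobFixed(0x0004, Length, &Hob, &Reserved)
                          : CreateHobUnfixed(0x0004, Length, &Hob, &Reserved);
    return Status == EFI_SUCCESS ? PayloadOverrun(Length, Reserved) : 0;
}

int main(void) {
    printf("unfixed 0xFFFF: status=%d overrun=%zu bytes\n",
           StatusFor(0xFFFF, 0), OverrunFor(0xFFFF, 0));
    printf("fixed   0xFFFF: status=%d overrun=%zu bytes\n",
           StatusFor(0xFFFF, 1), OverrunFor(0xFFFF, 1));
    printf("fixed   100:    status=%d overrun=%zu bytes\n",
           StatusFor(100, 1), OverrunFor(100, 1));
    return 0;
}
```

The unfixed path accepts a 0xFFFF-byte HOB while reserving nothing, which is the integer-overflow-to-out-of-bounds-write chain in one step; a length of 0xFFF8, which does not wrap, is correctly refused by the free-space check. Whether a caller can actually reach CreateHob() with an attacker-controlled length during PEI is the exploitability question raised in comment 3.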