Source: edk2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,

The following vulnerabilities were published for edk2.

CVE-2022-36763[0]:
| EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable()
| function, allowing a user to trigger a heap buffer overflow via a
| local network. Successful exploitation of this vulnerability may
| result in a compromise of confidentiality, integrity, and/or
| availability.

https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
https://bugzilla.tianocore.org/show_bug.cgi?id=4117

CVE-2022-36764[1]:
| EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage()
| function, allowing a user to trigger a heap buffer overflow via a
| local network. Successful exploitation of this vulnerability may
| result in a compromise of confidentiality, integrity, and/or
| availability.

https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j
https://bugzilla.tianocore.org/show_bug.cgi?id=4118

CVE-2022-36765[2]:
| EDK2 is susceptible to a vulnerability in the CreateHob() function,
| allowing a user to trigger an integer overflow to buffer overflow via
| a local network. Successful exploitation of this vulnerability may
| result in a compromise of confidentiality, integrity, and/or
| availability.

https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx
https://bugzilla.tianocore.org/show_bug.cgi?id=4166

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-36763
    https://www.cve.org/CVERecord?id=CVE-2022-36763
[1] https://security-tracker.debian.org/tracker/CVE-2022-36764
    https://www.cve.org/CVERecord?id=CVE-2022-36764
[2] https://security-tracker.debian.org/tracker/CVE-2022-36765
    https://www.cve.org/CVERecord?id=CVE-2022-36765

Please adjust the affected versions in the BTS as needed.