2257582 – (CVE-2022-36763) CVE-2022-36763 EDK2: heap buffer overflow in Tcg2MeasureGptTable()

Bug 2257582 (CVE-2022-36763) - CVE-2022-36763 EDK2: heap buffer overflow in Tcg2MeasureGptTable()

Summary: CVE-2022-36763 EDK2: heap buffer overflow in Tcg2MeasureGptTable()

Keywords:
Status:	NEW
Alias:	CVE-2022-36763
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2257591 2257588
Blocks:	2257597
TreeView+	depends on / blocked

Reported:	2024-01-10 06:12 UTC by TEJ RATHI
Modified:	2024-05-17 14:41 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A heap buffer overflow flaw was found via the Tcg2MeasureGptTable() function in EDK2, arising from inadequate validation of the GPT Primary Header, presenting a minor risk to confidentiality and integrity. The primary consequence is likely a crash or denial of service. This issue may allow a local attacker to craft a GPT table, causing an integer overflow and consequent buffer overflow.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:2264	0	None	None	None	2024-04-30 09:57:38 UTC

Description TEJ RATHI 2024-01-10 06:12:09 UTC

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr

Comment 1 TEJ RATHI 2024-01-10 06:35:59 UTC

Created edk2 tracking bugs for this issue:

Affects: epel-all [bug 2257591]
Affects: fedora-all [bug 2257588]

Comment 3 errata-xmlrpc 2024-04-30 09:57:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2264 https://access.redhat.com/errata/RHSA-2024:2264

Note You need to log in before you can comment on or make changes to this bug.