
Bug 921729 (CVE-2022-36763, CVE-2022-36764, CVE-2022-36765)

Summary: sys-firmware/edk2-ovmf{,-bin}: multiple vulnerabilities
Product: Gentoo Security
Reporter: Christopher Fore <csfore>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: normal
CC: tamiko, virtualization
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---

Description Christopher Fore 2024-01-10 23:22:07 UTC
CVE-2022-36763 (https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr):

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

CVE-2022-36764 (https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j):

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

CVE-2022-36765 (https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx):

EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.


The above are planned to be fixed in their February 2024 release with a patch available here:

https://bugzilla.tianocore.org/show_bug.cgi?id=4117
Comment 1 Christopher Fore 2024-01-10 23:28:48 UTC
Oops, I forgot to specify patches and their relevant CVEs:

CVE-2022-36763 patch: https://bugzilla.tianocore.org/show_bug.cgi?id=4117

CVE-2022-36764 patch: https://bugzilla.tianocore.org/show_bug.cgi?id=4118

CVE-2022-36765 patch: https://bugzilla.tianocore.org/show_bug.cgi?id=4166