Vulnerability Details CVE-2022-36763
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.0%
CVSS Severity
CVSS v3 Score 7.0
References
- https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
- https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
Products affected by CVE-2022-36763
-
cpe:2.3:a:tianocore:edk2:-
-
cpe:2.3:a:tianocore:edk2:2017-11-07
-
cpe:2.3:a:tianocore:edk2:201808
-
cpe:2.3:a:tianocore:edk2:201811
-
cpe:2.3:a:tianocore:edk2:201903
-
cpe:2.3:a:tianocore:edk2:201905
-
cpe:2.3:a:tianocore:edk2:201908
-
cpe:2.3:a:tianocore:edk2:201911
-
cpe:2.3:a:tianocore:edk2:2020-10-21
-
cpe:2.3:a:tianocore:edk2:202002
-
cpe:2.3:a:tianocore:edk2:202005
-
cpe:2.3:a:tianocore:edk2:202008
-
cpe:2.3:a:tianocore:edk2:202011
-
cpe:2.3:a:tianocore:edk2:202102
-
cpe:2.3:a:tianocore:edk2:202105
-
cpe:2.3:a:tianocore:edk2:202108
-
cpe:2.3:a:tianocore:edk2:202111
-
cpe:2.3:a:tianocore:edk2:202202
-
cpe:2.3:a:tianocore:edk2:202205
-
cpe:2.3:a:tianocore:edk2:202208
-
cpe:2.3:a:tianocore:edk2:202211
-
cpe:2.3:a:tianocore:edk2:202302
-
cpe:2.3:a:tianocore:edk2:202305
-
cpe:2.3:a:tianocore:edk2:202308
-
cpe:2.3:a:tianocore:edk2:202311