Fluid Attacks Database

Description

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	edk2	=2020.11-2 \|\| =2020.11-2+deb11u1 \|\| =2020.11-2+deb11u2 \|\| >=0 <2020.11-2+deb11u3	2020.11-2+deb11u3
debian 12	edk2	=2022.11-6 \|\| >=0 <2022.11-6+deb12u1	2022.11-6+deb12u1
debian 13	edk2	>=0 <2023.11-5	2023.11-5
debian 14	edk2	>=0 <2023.11-5	2023.11-5
rpm rhel8	edk2	<0:20220126gitbb1bba3d77-13.el8_10	0:20220126gitbb1bba3d77-13.el8_10
rpm rhel9	edk2	<0:20231122-6.el9	0:20231122-6.el9

Aliases

1. CVE-2022-367632. NVD-2022-367633. OSV-DEBIAN-2022-367634. OSV-2022-367635. SECURITY-TRACKER-CVE-2022-36763

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.