CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36764 – Heap Buffer Overflow in Tcg2MeasurePeImage
https://notcve.org/view.php?id=CVE-2022-36764
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. EDK2 es susceptible a una vulnerabilidad en la función Tcg2MeasurePeImage(), lo que permite a un usuario desencadenar un desbordamiento de búfer de almacenamiento dinámico a través de una red local. La explotación exitosa de esta vulnerabilidad puede resultar en un compromiso de confidencialidad, integridad y/o disponibilidad. A heap-based buffer overflow flaw was found via the Tcg2MeasurePeImage() function in EDK2. • https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ https://access.redhat.com/security/cve/CVE-2022-36764 https://bugzilla.redhat.com/show_bug.cgi?id=2257583 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36763 – Heap Buffer Overflow in Tcg2MeasureGptTable
https://notcve.org/view.php?id=CVE-2022-36763
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. EDK2 es susceptible a una vulnerabilidad en la función Tcg2MeasureGptTable(), lo que permite a un usuario desencadenar un desbordamiento de búfer de almacenamiento dinámico a través de una red local. La explotación exitosa de esta vulnerabilidad puede resultar en un compromiso de confidencialidad, integridad y/o disponibilidad. A heap buffer overflow flaw was found via the Tcg2MeasureGptTable() function in EDK2, arising from inadequate validation of the GPT Primary Header, presenting a minor risk to confidentiality and integrity. • https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ https://access.redhat.com/security/cve/CVE-2022-36763 https://bugzilla.redhat.com/show_bug.cgi?id=2257582 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2021-38578 – edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation
https://notcve.org/view.php?id=CVE-2021-38578
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. Unas comprobaciones existentes de CommBuffer en SmmEntryPoint no detectan el desbordamiento cuando es calculado BufferSize A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=3387 https://www.insyde.com/security-pledge/SA-2023024 https://access.redhat.com/security/cve/CVE-2021-38578 https://bugzilla.redhat.com/show_bug.cgi?id=1960321 • CWE-124: Buffer Underwrite ('Buffer Underflow') CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 1CVE-2021-38575 – edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe
https://notcve.org/view.php?id=CVE-2021-38575
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. NetworkPkg/IScsiDxe presenta unos desbordamientos de búfer explotables de forma remota A flaw was found in edk2. Missing checks in the IScsiHexToBin function in NetworkPkg/IScsiDxe lead to a buffer overflow allowing a remote attacker, who can inject himself in the communication between edk2 and the iSCSI target, to write arbitrary data to any address in the edk2 firmware and potentially execute code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=3356 https://www.insyde.com/security-pledge/SA-2023025 https://access.redhat.com/security/cve/CVE-2021-38575 https://bugzilla.redhat.com/show_bug.cgi?id=1956284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28210 – edk2: unlimited FV recursion, round 2
https://notcve.org/view.php?id=CVE-2021-28210
An unlimited recursion in DxeCore in EDK II. Una recursión ilimitada en la función DxeCore en EDK II A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt the system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=1743 https://access.redhat.com/security/cve/CVE-2021-28210 https://bugzilla.redhat.com/show_bug.cgi?id=1883552 • CWE-674: Uncontrolled Recursion •