CVE-2022-36765
Integer Overflow in CreateHob
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
EDK2 es susceptible a una vulnerabilidad en la función CreateHob(), lo que permite a un usuario activar un desbordamiento de enteros para desbordar el búfer a través de una red local. La explotación exitosa de esta vulnerabilidad puede resultar en un compromiso de confidencialidad, integridad y/o disponibilidad.
A flaw was found in the CreateHob() function in EDK2. An attacker, leveraging a local network, can initiate an integer overflow leading to a buffer overflow. This issue arises during size alignment within the CreateHob() function, requiring activation in the PEI phase. Successful exploitation of this flaw poses a moderate threat to confidentiality and integrity, however, the primary consequence is likely a crash or denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-25 CVE Reserved
- 2024-01-09 CVE Published
- 2024-01-17 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-680: Integer Overflow to Buffer Overflow
CAPEC
References (4)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-36765 | 2024-07-23 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2257584 | 2024-07-23 |