2 matches found
CLSA-2025-1763122640 edk2: Fix of 3 CVEs
CVE-2022-36763: fix heap buffer overflow in TPM2 measure boot library when processing GPT partition tables - CVE-2022-36764: fix heap buffer overflow in TPM measure boot library when calculating PE image event size - CVE-2022-36765: fix integer overflow in CreateHob function that could lead to...
EDK2: heap buffer overflow in Tcg2MeasurePeImage()
A heap-based buffer overflow flaw was found via the Tcg2MeasurePeImage function in EDK2. Successful exploitation requires a local attacker to trigger an integer overflow in the calculation of the EventSize variable at DxeTpm2MeasureBootLib.c, leading to the heap-buffer overflow, presenting a...