5 matches found
OESA-2024-2023 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
EDK2: heap buffer overflow in Tcg2MeasureGptTable()
A heap buffer overflow flaw was found via the Tcg2MeasureGptTable function in EDK2, arising from inadequate validation of the GPT Primary Header, presenting a minor risk to confidentiality and integrity. The primary consequence is likely a crash or denial of service. This issue may allow a local...
Oracle Linux 8 : edk2 (ELSA-2024-12343)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12343 advisory. - Create new 20240227 release for OL8 which includes the following fixed CVEs: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232...
SUSE CVE-2022-36763
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...
AZL-39247 CVE-2022-36763 affecting package edk2 for versions less than 20230301gitf80f052277c8-40
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...