Описание
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| edk2 | fixed | 2023.11-5 | package | |
| edk2 | fixed | 2022.11-6+deb12u1 | bookworm | package |
| edk2 | no-dsa | buster | package |
Примечания
https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx
https://bugzilla.tianocore.org/show_bug.cgi?id=4166
https://github.com/tianocore/edk2/issues/10299
EPSS
Связанные уязвимости
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Уязвимость функции createhob() библиотеки Tianocore EDK2 , вызванная переполнением буфера, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS