First published: Tue Jan 09 2024(Updated: )
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Credit: infosec@edk2.groups.io infosec@edk2.groups.io
Affected Software | Affected Version | How to fix |
---|---|---|
Tianocore EDK2 | <=202311 | |
ubuntu/edk2 | <0~20191122. | 0~20191122. |
ubuntu/edk2 | <2022.02-3ubuntu0.22.04.2 | 2022.02-3ubuntu0.22.04.2 |
ubuntu/edk2 | <2023.05-2ubuntu0.1 | 2023.05-2ubuntu0.1 |
debian/edk2 | <=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6 | 2022.11-6+deb12u1 2024.02-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.