Description
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
References (3)
Core 3
Core References
Third Party Advisory
https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
Scores
CVSS v3
7.0
EPSS
0.0004
EPSS Percentile
11.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
CWE-122
Status
published
Products (1)
tianocore/edk2
< 202311
Published
Jan 09, 2024
Tracked Since
Feb 18, 2026