suse · CVE-2022-36764

Quick triage

Priority: high Published: 2024-01-11 00:30:23 UTC Updated: 2026-03-05 04:38:51 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2022-36764 severity important: SUSE including 29 source package names (edk2-ovmf-20220126gitbb1bba3d77-13.el8_10, edk2-ovmf-20231122-6.el9, …), 235 product×package rows across 69 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE CaaS Platform 4.0, … (69 product lines)): Known Not Affected 213, Fixed 22.

Description:

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

cvelogic Threat Intelligence