View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2022-36764 severity important: SUSE including 29 source package names (edk2-ovmf-20220126gitbb1bba3d77-13.el8_10, edk2-ovmf-20231122-6.el9, …), 235 product×package rows across 69 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE CaaS Platform 4.0, … (69 product lines)): Known Not Affected 213, Fixed 22.
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.