Launchpad CVE tracker

CVE 2022-36765

EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

Related bugs and status

CVE-2022-36765 (Candidate) is related to these bugs:

Bug #2040137: exposing the EFI shell in Secure Boot mode can lead to security bypass

		In	Importance	Status
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Focal)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Focal)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Noble)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Noble)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Jammy)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Jammy)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Mantic)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Mantic)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-36765

References