Unrated severityNVD Advisory· Published Jan 9, 2024· Updated Nov 3, 2025

Heap Buffer Overflow in Tcg2MeasurePeImage

CVE-2022-36764

Description

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.

Affected products

osv-coords5 versions
pkg:rpm/almalinux/edk2-aarch64 pkg:rpm/almalinux/edk2-ovmf pkg:rpm/almalinux/edk2-tools pkg:rpm/almalinux/edk2-tools-doc pkg:rpm/opensuse/ovmf&distro=openSUSE%20Tumbleweed
< 20231122-6.el9+ 4 more
- (no CPE)range: < 20231122-6.el9
- (no CPE)range: < 20231122-6.el9
- (no CPE)range: < 20231122-6.el9
- (no CPE)range: < 20231122-6.el9
- (no CPE)range: < 202308-9.1
Tianocore/Edk2cpe-rescue
Range: *

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000