Описание
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | grub2 | Out of support scope | ||
| Red Hat Enterprise Linux 8 | grub2 | Fixed | RHSA-2023:0049 | 09.01.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | grub2 | Fixed | RHSA-2022:8494 | 16.11.2022 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | grub2 | Fixed | RHSA-2022:8800 | 06.12.2022 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | grub2 | Fixed | RHSA-2022:8800 | 06.12.2022 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | grub2 | Fixed | RHSA-2022:8800 | 06.12.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | grub2 | Fixed | RHSA-2023:0047 | 09.01.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | grub2 | Fixed | RHSA-2023:0048 | 09.01.2023 |
| Red Hat Enterprise Linux 9 | grub2 | Fixed | RHSA-2023:0752 | 14.02.2023 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | grub2 | Fixed | RHSA-2022:8978 | 13.12.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences
When rendering certain unicode sequences, grub2's font code doesn't pr ...
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
EPSS
7.1 High
CVSS3