Vulnerability CVE-2022-3775: Information

Description

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-3775
Published: Dec. 19, 2022
Modified: Nov. 25, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
grubsisyphus2.06-alt92.06-alt19ALT-PU-2023-1427-1313903Fixed
grubp102.06-alt162.06-alt17ALT-PU-2023-6074-2323459Fixed
grubp92.02-alt29.qa52.02-alt29.qa5ALT-PU-2023-5782-3330035Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/cve-2022-3775
  • Third Party Advisory
GLSA-202311-14

      1. Configuration 1

        cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
        End including
        2.06

        Configuration 2

        cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top