RHSA-2023:0049: Red Hat Security Advisory: grub2 security update
An update for grub2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
- CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences
Issued: 2023-01-09
Updated: 2023-01-09
RHSA-2023:0049 - Security Advisory
Synopsis
Moderate: grub2 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
- grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
- grub2: Heap based out-of-bounds write when rendering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
- BZ - 2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when rendering certain unicode sequences
Red Hat Enterprise Linux for x86_64 8
SRPM
grub2-2.02-142.el8_7.1.src.rpm
x86_64
grub2-common-2.02-142.el8_7.1.noarch.rpm
grub2-debuginfo-2.02-142.el8_7.1.x86_64.rpm
grub2-debugsource-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-aa64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-ia32-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-ia32-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-x64-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-x64-cdboot-2.02-142.el8_7.1.x86_64.rpm
grub2-efi-x64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-pc-2.02-142.el8_7.1.x86_64.rpm
grub2-pc-modules-2.02-142.el8_7.1.noarch.rpm
grub2-ppc64le-modules-2.02-142.el8_7.1.noarch.rpm
grub2-tools-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-debuginfo-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-efi-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-extra-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-minimal-2.02-142.el8_7.1.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-142.el8_7.1.x86_64.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
grub2-2.02-142.el8_7.1.src.rpm
ppc64le
grub2-common-2.02-142.el8_7.1.noarch.rpm
grub2-debuginfo-2.02-142.el8_7.1.ppc64le.rpm
grub2-debugsource-2.02-142.el8_7.1.ppc64le.rpm
grub2-efi-aa64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-ia32-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-x64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-pc-modules-2.02-142.el8_7.1.noarch.rpm
grub2-ppc64le-2.02-142.el8_7.1.ppc64le.rpm
grub2-ppc64le-modules-2.02-142.el8_7.1.noarch.rpm
grub2-tools-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-debuginfo-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-extra-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-minimal-2.02-142.el8_7.1.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-142.el8_7.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
grub2-2.02-142.el8_7.1.src.rpm
aarch64
grub2-common-2.02-142.el8_7.1.noarch.rpm
grub2-debuginfo-2.02-142.el8_7.1.aarch64.rpm
grub2-debugsource-2.02-142.el8_7.1.aarch64.rpm
grub2-efi-aa64-2.02-142.el8_7.1.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-142.el8_7.1.aarch64.rpm
grub2-efi-aa64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-ia32-modules-2.02-142.el8_7.1.noarch.rpm
grub2-efi-x64-modules-2.02-142.el8_7.1.noarch.rpm
grub2-pc-modules-2.02-142.el8_7.1.noarch.rpm
grub2-ppc64le-modules-2.02-142.el8_7.1.noarch.rpm
grub2-tools-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-debuginfo-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-extra-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-minimal-2.02-142.el8_7.1.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-142.el8_7.1.aarch64.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2024-2002-03 - An update for grub2 is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer overflow and bypass vulnerabilities.
Gentoo Linux Security Advisory 202311-14 - Multiple vulnerabilities have been discovered in GRUB, which may lead to secure boot circumvention or code execution. Versions greater than or equal to 2.06-r9 are affected.
Red Hat Security Advisory 2023-0752-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2023-0049-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences
An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences
When rendering certain Unicode sequences, grub2's font code does not properly validate whether the given glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft input that leads to an out-of-bounds write into grub2's heap, causing memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can cause an overflow when calculating the max_glyph_size value, so that a smaller-than-needed buffer is allocated for the glyph; this in turn leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
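Both flaws described above come down to trusting font-supplied dimensions: a size calculation that can wrap, and a write that is not checked against the allocated bitmap. The following C code is an added example, not GRUB's code or Red Hat's patch; the struct, the function names and the 1-bit-per-pixel layout are hypothetical, and it assumes the GCC/Clang overflow builtins. It shows the unchecked calculation beside a checked one, plus a bounds check before each write.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical glyph record (names are illustrative, not GRUB's). */
struct glyph {
    uint32_t width, height;  /* pixel dimensions read from font data */
    size_t   bitmap_len;     /* bytes actually allocated for bitmap  */
    uint8_t *bitmap;         /* packed, 1 bit per pixel (assumption) */
};

/* BEFORE: 32-bit arithmetic with no overflow check. width * height can
 * wrap, so the result may be far smaller than the bitmap really needs. */
uint32_t bitmap_bytes_unchecked(uint32_t width, uint32_t height)
{
    return (width * height + 7u) / 8u;
}

/* AFTER: each step is overflow-checked (GCC/Clang builtins). Returns 0
 * and stores the byte count, or -1 if the size is not representable. */
int bitmap_bytes_checked(uint32_t width, uint32_t height, size_t *out)
{
    uint32_t bits;
    if (__builtin_mul_overflow(width, height, &bits)) return -1;
    if (__builtin_add_overflow(bits, 7u, &bits)) return -1;
    *out = bits / 8u;
    return 0;
}

/* Allocate a glyph only when its size calculation cannot wrap. */
struct glyph *glyph_alloc(uint32_t width, uint32_t height)
{
    size_t len;
    struct glyph *g;
    if (bitmap_bytes_checked(width, height, &len) != 0) return NULL;
    if ((g = calloc(1, sizeof(*g))) == NULL) return NULL;
    g->bitmap = calloc(len ? len : 1, 1);
    if (g->bitmap == NULL) { free(g); return NULL; }
    g->width = width; g->height = height; g->bitmap_len = len;
    return g;
}

/* Do the declared dimensions fit inside the bitmap that was allocated? */
int glyph_dims_fit(const struct glyph *g)
{
    size_t need;
    if (bitmap_bytes_checked(g->width, g->height, &need) != 0) return 0;
    return need <= g->bitmap_len;
}

/* Set one pixel; refuses coordinates or dimensions that would write
 * outside the bitmap. Returns 0 on success, -1 if rejected. */
int glyph_set_pixel(struct glyph *g, uint32_t x, uint32_t y)
{
    size_t bit;
    if (!glyph_dims_fit(g) || x >= g->width || y >= g->height) return -1;
    bit = (size_t)y * g->width + x;
    g->bitmap[bit / 8] |= (uint8_t)(0x80u >> (bit % 8));
    return 0;
}

int main(void)
{
    /* Constructed dimensions: 65536 x 65536 wraps a 32-bit product to 0. */
    size_t n = 0;
    printf("unchecked bytes: %u\n",
           (unsigned)bitmap_bytes_unchecked(0x10000u, 0x10000u));
    printf("checked result:  %d\n",
           bitmap_bytes_checked(0x10000u, 0x10000u, &n));

    struct glyph *g = glyph_alloc(8, 2);   /* 16 pixels -> 2 bytes */
    if (g == NULL) return 1;
    printf("in-bounds write: %d\n", glyph_set_pixel(g, 7, 1));
    g->width = 64;                         /* simulate an inconsistent header */
    printf("after tamper:    %d\n", glyph_set_pixel(g, 63, 1));
    free(g->bitmap);
    free(g);
    return 0;
}
```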
Red Hat Security Advisory 2022-8978-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences
Red Hat Security Advisory 2022-8800-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain...
Red Hat Security Advisory 2022-8494-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
Debian Linux Security Advisory 5280-1 - Several issues were found in GRUB2's font handling code, which could result in crashes and potentially execution of arbitrary code. These could lead to by-pass of UEFI Secure Boot on affected systems.
An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2601: grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass * CVE-2022-3775: grub2: Heap based out-of-bounds write when rendering certain unicode sequences