RHSA-2023:0752: Red Hat Security Advisory: grub2 security update
An update for grub2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2601: A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.
- CVE-2022-3775: A flaw was found in the grub2 font code. When rendering certain Unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.
Issued: 2023-02-14
Updated: 2023-02-14
RHSA-2023:0752 - Security Advisory
Synopsis
Moderate: grub2 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
- grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
- grub2: Heap based out-of-bounds write when rendering certain Unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
- BZ - 2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when rendering certain Unicode sequences
Red Hat Enterprise Linux for x86_64 9
SRPM
grub2-2.06-46.el9_1.3.src.rpm
x86_64
grub2-common-2.06-46.el9_1.3.noarch.rpm
grub2-debuginfo-2.06-46.el9_1.3.x86_64.rpm
grub2-debugsource-2.06-46.el9_1.3.x86_64.rpm
grub2-efi-aa64-modules-2.06-46.el9_1.3.noarch.rpm
grub2-efi-x64-2.06-46.el9_1.3.x86_64.rpm
grub2-efi-x64-cdboot-2.06-46.el9_1.3.x86_64.rpm
grub2-efi-x64-modules-2.06-46.el9_1.3.noarch.rpm
grub2-emu-debuginfo-2.06-46.el9_1.3.x86_64.rpm
grub2-pc-2.06-46.el9_1.3.x86_64.rpm
grub2-pc-modules-2.06-46.el9_1.3.noarch.rpm
grub2-tools-2.06-46.el9_1.3.x86_64.rpm
grub2-tools-debuginfo-2.06-46.el9_1.3.x86_64.rpm
grub2-tools-efi-2.06-46.el9_1.3.x86_64.rpm
grub2-tools-efi-debuginfo-2.06-46.el9_1.3.x86_64.rpm
grub2-tools-extra-2.06-46.el9_1.3.x86_64.rpm
grub2-tools-extra-debuginfo-2.06-46.el9_1.3.x86_64.rpm
grub2-tools-minimal-2.06-46.el9_1.3.x86_64.rpm
grub2-tools-minimal-debuginfo-2.06-46.el9_1.3.x86_64.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
grub2-2.06-46.el9_1.3.src.rpm
ppc64le
grub2-common-2.06-46.el9_1.3.noarch.rpm
grub2-debuginfo-2.06-46.el9_1.3.ppc64le.rpm
grub2-debugsource-2.06-46.el9_1.3.ppc64le.rpm
grub2-efi-aa64-modules-2.06-46.el9_1.3.noarch.rpm
grub2-efi-x64-modules-2.06-46.el9_1.3.noarch.rpm
grub2-ppc64le-2.06-46.el9_1.3.ppc64le.rpm
grub2-ppc64le-modules-2.06-46.el9_1.3.noarch.rpm
grub2-tools-2.06-46.el9_1.3.ppc64le.rpm
grub2-tools-debuginfo-2.06-46.el9_1.3.ppc64le.rpm
grub2-tools-extra-2.06-46.el9_1.3.ppc64le.rpm
grub2-tools-extra-debuginfo-2.06-46.el9_1.3.ppc64le.rpm
grub2-tools-minimal-2.06-46.el9_1.3.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.06-46.el9_1.3.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
grub2-2.06-46.el9_1.3.src.rpm
aarch64
grub2-common-2.06-46.el9_1.3.noarch.rpm
grub2-debuginfo-2.06-46.el9_1.3.aarch64.rpm
grub2-debugsource-2.06-46.el9_1.3.aarch64.rpm
grub2-efi-aa64-2.06-46.el9_1.3.aarch64.rpm
grub2-efi-aa64-cdboot-2.06-46.el9_1.3.aarch64.rpm
grub2-efi-aa64-modules-2.06-46.el9_1.3.noarch.rpm
grub2-efi-x64-modules-2.06-46.el9_1.3.noarch.rpm
grub2-emu-debuginfo-2.06-46.el9_1.3.aarch64.rpm
grub2-tools-2.06-46.el9_1.3.aarch64.rpm
grub2-tools-debuginfo-2.06-46.el9_1.3.aarch64.rpm
grub2-tools-extra-2.06-46.el9_1.3.aarch64.rpm
grub2-tools-extra-debuginfo-2.06-46.el9_1.3.aarch64.rpm
grub2-tools-minimal-2.06-46.el9_1.3.aarch64.rpm
grub2-tools-minimal-debuginfo-2.06-46.el9_1.3.aarch64.rpm
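One way to check hosts against the fixed build named in the package lists above, as an added example that is not part of the Red Hat advisory: it compares installed grub2 version-release strings with 2.06-46.el9_1.3 using a simplified form of rpm's version ordering. The sample `rpm` output and all function names are constructed for illustration, and the epoch is assumed to be the same on both sides of the comparison.

```python
import re

# Fixed version-release, taken from the package file names in this advisory
# (RHEL 9 only; other product streams ship different fixed builds).
FIXED_VR = "2.06-46.el9_1.3"

# Constructed sample of what
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'grub2*'
# could print on a host; the installed versions below are invented.
SAMPLE_RPM_OUTPUT = """\
grub2-common 2.06-46.el9_1.3
grub2-efi-x64 2.06-46.el9
grub2-tools 2.06-27.el9_0.12
grub2-tools-minimal 2.06-61.el9
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Order two version (or release) strings following rpm's segment rules.

    Returns -1, 0 or 1. Separators are ignored, numeric segments beat
    alphabetic ones, and '~' sorts before everything. The '^' operator of
    newer rpm releases is not handled.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1          # b has extra segments, so b is newer
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return 0


def compare_vr(a, b):
    """Compare two 'version-release' strings; the epoch is not considered
    (assumption: installed and fixed builds carry the same epoch)."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def unpatched(rpm_output, fixed=FIXED_VR):
    """Return (name, version-release) for grub2 packages older than `fixed`."""
    stale = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].startswith("grub2"):
            continue           # skip blank or unrelated lines
        name, vr = parts
        if compare_vr(vr, fixed) < 0:
            stale.append((name, vr))
    return stale


if __name__ == "__main__":
    for name, vr in unpatched(SAMPLE_RPM_OUTPUT):
        print(f"{name} {vr} is older than {FIXED_VR}: update required")
```

A release such as `46.el9` sorts below `46.el9_1.3` because the fixed build carries extra trailing segments, which a plain string comparison would not reliably capture.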
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can cause an overflow when the max_glyph_size value is calculated, so that a smaller-than-needed buffer is allocated for the glyph; this in turn leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.