RHSA-2023:0752: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2601: A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.
  • CVE-2022-3775: A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.
Red Hat Security Data

Issued: 2023-02-14

Updated: 2023-02-14

RHSA-2023:0752 - Security Advisory

Synopsis

Moderate: grub2 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for grub2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

  • grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
  • grub2: Heap based out-of-bounds write when rendering certain unicode sequences (CVE-2022-3775)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
  • BZ - 2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when rendering certain unicode sequences

Red Hat Enterprise Linux for x86_64 9

SRPM

grub2-2.06-46.el9_1.3.src.rpm

SHA-256: f655235b0ac0cd6afd509846dc48f7073f423b5a387e61259cb62f02923624f5

x86_64

grub2-common-2.06-46.el9_1.3.noarch.rpm

SHA-256: af0f87b1ce6a6cec2090364cfaa36b0c6ab710623848efaff2fbd61bcb3e8a63

grub2-debuginfo-2.06-46.el9_1.3.x86_64.rpm

SHA-256: fce80649dfb30d1764e42af4863d1a0ab6da446c5c172153d03f96f535bd1250

grub2-debugsource-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 1700a080cb8d5dfbf1110df70a28e826b5ac7c22f872a5855f07f2db61e7481e

grub2-efi-aa64-modules-2.06-46.el9_1.3.noarch.rpm

SHA-256: dd8b069ff46a0672c179dd812610e33e2ecbec78ff11155559d9da2f0424988e

grub2-efi-x64-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 58a181ba90768be033b13afd9a25be7164ba40860140b7d91a93219424f51d69

grub2-efi-x64-cdboot-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 726b923c638b3b1fd245359367b39988126c934f99d34720b1589594fa6b2ea3

grub2-efi-x64-modules-2.06-46.el9_1.3.noarch.rpm

SHA-256: 8a75673aeac14074ba93c66135440a4489cc6297c6b2723d94b506b33d745688

grub2-emu-debuginfo-2.06-46.el9_1.3.x86_64.rpm

SHA-256: ab54b5d5815a48b131d30879fc1a8f82396eae476bdddd26967441e12025fac4

grub2-pc-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 2230e2b8201104f6555570f2d424d6d6b92f720d76bbfdb3dc18a72afb2170ac

grub2-pc-modules-2.06-46.el9_1.3.noarch.rpm

SHA-256: 35dc4af6bed7bf3c5251253f39d49f623a8e8a8f85c1fe173e5489f5084e9e7b

grub2-tools-2.06-46.el9_1.3.x86_64.rpm

SHA-256: a02280b108c84ffa6b24d019b0b2c228b79a46c017b5b772b75260cd2420cd45

grub2-tools-debuginfo-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 74585bfe8d73b6c536162517f158745083565ca60a051c311a9dd41408d1bdfd

grub2-tools-efi-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 7a5c61acc3265cfb759c0346af05db05884748bbea60ea043e6dfed4d607c1d2

grub2-tools-efi-debuginfo-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 5885dea415d6b34ada234787f1ad46699c97439d6becb42a76fceeb829febdd5

grub2-tools-extra-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 58858e2c9af2e22502caab600b8e98df8bd73f97b851bbbcc8308163aded5813

grub2-tools-extra-debuginfo-2.06-46.el9_1.3.x86_64.rpm

SHA-256: fd2b5275fe69dbd6cf7a50b5e6855f869a77e3d9680739f2a01466a88c3af938

grub2-tools-minimal-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 0a3138a6e0ef2dcf0457d39dbda4c86c6e905d0634bb65b8e1b5b1eb8b29d469

grub2-tools-minimal-debuginfo-2.06-46.el9_1.3.x86_64.rpm

SHA-256: 56cfefdd59d6b136ca6ab6e04f25cd355a4a170766b283e0de015f71497c9ec7

Red Hat Enterprise Linux for Power, little endian 9

SRPM

grub2-2.06-46.el9_1.3.src.rpm

SHA-256: f655235b0ac0cd6afd509846dc48f7073f423b5a387e61259cb62f02923624f5

ppc64le

grub2-common-2.06-46.el9_1.3.noarch.rpm

SHA-256: af0f87b1ce6a6cec2090364cfaa36b0c6ab710623848efaff2fbd61bcb3e8a63

grub2-debuginfo-2.06-46.el9_1.3.ppc64le.rpm

SHA-256: 1b26f5f7591e19de1b1b2eb1e59b7c7dc5e64e4246adb83dab06aa6749cceceb

grub2-debugsource-2.06-46.el9_1.3.ppc64le.rpm

SHA-256: 9b23d770be7244b325c0197b88bc61f798c201461570db82179326632246de8c

grub2-efi-aa64-modules-2.06-46.el9_1.3.noarch.rpm

SHA-256: dd8b069ff46a0672c179dd812610e33e2ecbec78ff11155559d9da2f0424988e

grub2-efi-x64-modules-2.06-46.el9_1.3.noarch.rpm

SHA-256: 8a75673aeac14074ba93c66135440a4489cc6297c6b2723d94b506b33d745688

grub2-ppc64le-2.06-46.el9_1.3.ppc64le.rpm

SHA-256: d5167aac548371f0aab51e13a9d4bacefd8f9edfc7287bdcb751ae46cbde427e

grub2-ppc64le-modules-2.06-46.el9_1.3.noarch.rpm

SHA-256: da211c9cf7c06544841f506c1cf370a0258f894deb0ffa43c0aa1663fd1c2bc4

grub2-tools-2.06-46.el9_1.3.ppc64le.rpm

SHA-256: 4a547a7ae6450d213e0f7adf3035610aaa62653e478135851c828d1b0c33028e

grub2-tools-debuginfo-2.06-46.el9_1.3.ppc64le.rpm

SHA-256: ea39f4ec57ad1572831ff01e1e95909a288c28de61a9315beb0a7a8cebf017f0

grub2-tools-extra-2.06-46.el9_1.3.ppc64le.rpm

SHA-256: 6338dceb62e4f42de5859d0e6f2561ff0c783248610526e08721614f6cf69898

grub2-tools-extra-debuginfo-2.06-46.el9_1.3.ppc64le.rpm

SHA-256: 44582bfeee2d7b090bbd9550b6f4188d7458cd370edcb24956f0f441ea48e62e

grub2-tools-minimal-2.06-46.el9_1.3.ppc64le.rpm

SHA-256: 08af47882acc7f53941f00bfe271b4ed7773eee05c26334e436a0617dc232619

grub2-tools-minimal-debuginfo-2.06-46.el9_1.3.ppc64le.rpm

SHA-256: 791d010d3fea8002bdd41bba968bf38d31c07dcba31c8b343c1f99415fb55e7d

Red Hat Enterprise Linux for ARM 64 9

SRPM

grub2-2.06-46.el9_1.3.src.rpm

SHA-256: f655235b0ac0cd6afd509846dc48f7073f423b5a387e61259cb62f02923624f5

aarch64

grub2-common-2.06-46.el9_1.3.noarch.rpm

SHA-256: af0f87b1ce6a6cec2090364cfaa36b0c6ab710623848efaff2fbd61bcb3e8a63

grub2-debuginfo-2.06-46.el9_1.3.aarch64.rpm

SHA-256: 98dac652e99d153176952e576ffef7b0d1b8e0a833b573c5e7da5444a8de3fee

grub2-debugsource-2.06-46.el9_1.3.aarch64.rpm

SHA-256: 5bcdacbab332e0fe7bd47b8d6920bd591d170d218a2b3023c2564306aeddafad

grub2-efi-aa64-2.06-46.el9_1.3.aarch64.rpm

SHA-256: 421b6f45331af83879c591ec4597117cb79cc0547cd0c2c8304e219ffcea3e98

grub2-efi-aa64-cdboot-2.06-46.el9_1.3.aarch64.rpm

SHA-256: 862c9ba264bed32697a1b25623fdb781b19a459a5887f7282bb3041a0142d7bf

grub2-efi-aa64-modules-2.06-46.el9_1.3.noarch.rpm

SHA-256: dd8b069ff46a0672c179dd812610e33e2ecbec78ff11155559d9da2f0424988e

grub2-efi-x64-modules-2.06-46.el9_1.3.noarch.rpm

SHA-256: 8a75673aeac14074ba93c66135440a4489cc6297c6b2723d94b506b33d745688

grub2-emu-debuginfo-2.06-46.el9_1.3.aarch64.rpm

SHA-256: d4fefbc74fc864ba8c0e47542abf4bd8ffa06a0749abdf8e3f2609b3973a42d3

grub2-tools-2.06-46.el9_1.3.aarch64.rpm

SHA-256: 01ad589fecb73a17e4a2bc1a83cc8e2cf98fc86ebd76a5dd41f624cd2b3a7761

grub2-tools-debuginfo-2.06-46.el9_1.3.aarch64.rpm

SHA-256: 26ac78f1080fd47a656a3c785bf46650270f6352531adaedec95120dea460bd4

grub2-tools-extra-2.06-46.el9_1.3.aarch64.rpm

SHA-256: cf8cb0cbc2f4df3983277e85ba7de3ca4c3b588221c57a846213971e02396727

grub2-tools-extra-debuginfo-2.06-46.el9_1.3.aarch64.rpm

SHA-256: 82138d12b09fae010d199e2977b1a3581fa45bf239020a4175687f4c7fe61fa5

grub2-tools-minimal-2.06-46.el9_1.3.aarch64.rpm

SHA-256: 1dbc0cea94096759f9ca573d3eb22954ba8a1fdb649f4a4eab0de02b1e4601bf

grub2-tools-minimal-debuginfo-2.06-46.el9_1.3.aarch64.rpm

SHA-256: a83b1b7c6df4ce5bf4874ccd953c3b0dff47910308b43234a1f3825e9208f17f

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-2601: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass

A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can cause an overflow when the max_glyph_size value is calculated, so that a smaller-than-needed buffer is allocated for the glyph; this in turn leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.