CVE-2022-2601
8.6
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 6.0
Source: NVD
Description
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Affected (12)
Products: Gnu: Grub2 · Fedoraproject: Fedora · Redhat: Enterprise Linux Eus, Enterprise Linux For Power Little Endian Eus, Enterprise Linux Server Aus, Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions, Enterprise Linux Server Tus, Enterprise Linux Server Update Services For Sap Solutions
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 37 | |
| Version 9.0 | |
| Version 9.0 | |
| Version 8.2 | |
| Version 8.1 | |
| Version 8.2 | |
| Version 8.1 |
Related CWEs
CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (7)
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.