CVE-2022-3775

Published: Dec 19, 2022Modified: May 27, 2026

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

Affected (2)

Products: Gnu: Grub2 · Redhat: Enterprise Linux

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Grub2	Up to 2.06

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://access.redhat.com/security/cve/cve-2022-3775

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/202311-14

Source: secalert@redhat.com

https://access.redhat.com/security/cve/cve-2022-3775

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/202311-14

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.