CVE-2021-3695

Summary

CVE	CVE-2021-3695
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-06 16:15:00 UTC
Updated	2023-09-13 16:15:00 UTC
Description	A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	36	All	All	All
Application	Gnu	Grub	All	All	All	All
Application	Gnu	Grub2	All	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Redhat	Codeready Linux Builder	-	All	All	All
Application	Redhat	Developer Tools	1.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	9.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.1	All	All	All
Operating System	Redhat	Enterprise Linux	8.4	All	All	All
Operating System	Redhat	Enterprise Linux	9.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Eus	9.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Eus	9.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian	8.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian	9.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian Eus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian Eus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian Eus	9.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.1	All	All	All
Operating System	Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.6	All	All	All
Application	Redhat	Openshift	3.0	All	All	All
Application	Redhat	Openshift Container Platform	4.10	All	All	All
Application	Redhat	Openshift Container Platform	4.6	All	All	All
Application	Redhat	Openshift Container Platform	4.9	All	All	All

References

Reference	Source	Link	Tags
July 2022 Grub Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
1991685 – (CVE-2021-3695) CVE-2021-3695 grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap	MISC	bugzilla.redhat.com
GRUB: Multiple Vulnerabilities (GLSA 202209-12) — Gentoo security	GENTOO	security.gentoo.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159883 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-9471)
159884 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-9469)
159943 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-5099)
159967 Oracle Enterprise Linux Security Update for grub2, mokutil, shim, and shim-unsigned-x64 (ELSA-2022-5095)
159985 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-9596)
159986 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-9595)
161027 Oracle Enterprise Linux Security Update for grub2 (ELSA-2023-12952)
181022 Debian Security Update for grub2 (CVE-2021-3695)
240473 Red Hat Update for grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5100)
240474 Red Hat Update for grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5099)
240476 Red Hat Update for grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5096)
240477 Red Hat Update for grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5095)
282811 Fedora Security Update for grub2 (FEDORA-2022-27932fdd06)
282866 Fedora Security Update for grub2 (FEDORA-2022-9b4f9af4ce)
354332 Amazon Linux Security Advisory for grub2 : ALAS2022-2022-109
354535 Amazon Linux Security Advisory for grub2 : ALAS-2022-109
355137 Amazon Linux Security Advisory for grub2 : ALAS2023-2023-020
355617 Amazon Linux Security Advisory for grub2 : ALAS2-2023-2146
377130 Alibaba Cloud Linux Security Update for grub2, mokutil, shim, and shim-unsigned-x64 (ALINUX3-SA-2022:0134)
377622 Alibaba Cloud Linux Security Update for grub2, mokutil, shim, and shim-unsigned-x64 (ALINUX3-SA-2022:0164)
672021 EulerOS Security Update for grub2 (EulerOS-SA-2022-2242)
672026 EulerOS Security Update for grub2 (EulerOS-SA-2022-2221)
672031 EulerOS Security Update for grub2 (EulerOS-SA-2022-2255)
672032 EulerOS Security Update for grub2 (EulerOS-SA-2022-2268)
672109 EulerOS Security Update for grub2 (EulerOS-SA-2022-2318)
672131 EulerOS Security Update for grub2 (EulerOS-SA-2022-2289)
672248 EulerOS Security Update for grub2 (EulerOS-SA-2022-2611)
710619 Gentoo Linux GRUB Multiple Vulnerabilities (GLSA 202209-12)
752214 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2037-1)
752215 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2041-1)
752216 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2036-1)
752217 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2035-1)
752218 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2038-1)
752221 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2064-1)
752229 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2074-1)
907566 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (31034-1)
940639 AlmaLinux Security Update for grub2, (ALSA-2022:5095)
940640 AlmaLinux Security Update for grub2, (ALSA-2022:5099)
960155 Rocky Linux Security Update for grub2, (RLSA-2022:5095)
960538 Rocky Linux Security Update for grub2, (RLSA-2022:5099)