CVE-2022-3775
Summary
| CVE | CVE-2022-3775 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-19 20:15:00 UTC |
| Updated | 2023-11-25 12:15:00 UTC |
| Description | When rendering certain Unicode sequences, grub2's font code doesn't properly validate if the informed glyph's width and height are constrained within bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GRUB: Multiple Vulnerabilities (GLSA 202311-14) — Gentoo security | | security.gentoo.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160386 Oracle Enterprise Linux Security Update for grub2 (ELSA-2023-12019)
- 160437 Oracle Enterprise Linux Security Update for grub2 (ELSA-2023-0049)
- 160730 Oracle Enterprise Linux Security Update for grub2 (ELSA-2023-0752)
- 181216 Debian Security Update for grub2 (DSA 5280-1)
- 181218 Debian Security Update for grub2 (DLA 3190-1)
- 181312 Debian Security Update for grub2 (DLA 3190-2)
- 182045 Debian Security Update for grub2 (CVE-2022-3775)
- 241007 Red Hat Update for grub2 (RHSA-2022:8978)
- 241037 Red Hat Update for grub2 (RHSA-2023:0047)
- 241040 Red Hat Update for grub2 (RHSA-2023:0048)
- 241042 Red Hat Update for grub2 (RHSA-2023:0049)
- 241185 Red Hat Update for grub2 (RHSA-2023:0752)
- 283350 Fedora Security Update for grub2 (FEDORA-2022-f86e203baf)
- 283365 Fedora Security Update for grub2 (FEDORA-2022-7ce9378e90)
- 283416 Fedora Security Update for grub2 (FEDORA-2022-dec4cdacd7)
- 355137 Amazon Linux Security Advisory for grub2 : ALAS2023-2023-020
- 355617 Amazon Linux Security Advisory for grub2 : ALAS2-2023-2146
- 377900 Alibaba Cloud Linux Security Update for grub2 (ALINUX3-SA-2023:0003)
- 672656 EulerOS Security Update for grub2 (EulerOS-SA-2023-1386)
- 672662 EulerOS Security Update for grub2 (EulerOS-SA-2023-1358)
- 672671 EulerOS Security Update for grub2 (EulerOS-SA-2023-1407)
- 672693 EulerOS Security Update for grub2 (EulerOS-SA-2023-1422)
- 672717 EulerOS Security Update for grub2 (EulerOS-SA-2023-1443)
- 672766 EulerOS Security Update for grub2 (EulerOS-SA-2023-1468)
- 672880 EulerOS Security Update for grub2 (EulerOS-SA-2023-1595)
- 710796 Gentoo Linux GRUB Multiple Vulnerabilities (GLSA 202311-14)
- 752845 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:4219-1)
- 752900 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:4218-1)
- 752909 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:4141-1)
- 752923 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:4140-1)
- 752932 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:4142-1)
- 752964 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:4302-1)
- 904743 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (12080)
- 904761 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (12079)
- 905656 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (12080-1)
- 906578 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (12080-3)
- 907025 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (12079-1)
- 940866 AlmaLinux Security Update for grub2 (ALSA-2023:0049)
- 940924 AlmaLinux Security Update for grub2 (ALSA-2023:0752)
- 960514 Rocky Linux Security Update for grub2 (RLSA-2023:0049)
- 960577 Rocky Linux Security Update for grub2 (RLSA-2023:0752)