Out-of-Bounds Write Vulnerability in GRUB2 Affecting Red Hat Products
CVE-2022-3775

7.1HIGH

Key Information:

Vendor: Gnu
Status: Grub2
Vendor: CVE Published:; 19 December 2022

Summary

The vulnerability in the GRUB2 bootloader arises from improper validation of the dimensions of unicode glyphs during font rendering. This flaw can be exploited by an attacker to input manipulated data, resulting in an out-of-bounds write into the GRUB2 heap. Such memory corruption may lead to system instability and, in complex scenarios, could potentially allow for arbitrary code execution.

Affected Version(s)

grub2 All up to 2.06

References

https://access.redhat.com/security/cve/cve-2022-3775

https://security.gentoo.org/glsa/202311-14

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2022
Vulnerability Reserved
Oct 31, 2022