CVE-2022-3775
Published: 19 December 2022
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
Notes
Author | Note |
---|---|
eslerm | grub2-unsigned contains Secure Boot security fixes the grub2 package unlikely affects Ubuntu's Secure Boot grub2 and grub2-unsigned should have same major version Ubuntu Secure Boot and ESM do not cover i386 trusty's GA kernel cannot handle new versions of grub |
eslerm | Note that key revocation is required to protect against evil housekeeper attacks (such as BlackLotus) |
Priority
Status
Package | Release | Status |
---|---|---|
grub2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(does not affect Secure Boot)
|
focal |
Not vulnerable
(does not affect Secure Boot)
|
|
jammy |
Not vulnerable
(does not affect Secure Boot)
|
|
kinetic |
Not vulnerable
(does not affect Secure Boot)
|
|
lunar |
Not vulnerable
(does not affect Secure Boot)
|
|
mantic |
Not vulnerable
(does not affect Secure Boot)
|
|
noble |
Not vulnerable
(does not affect Secure Boot)
|
|
trusty |
Not vulnerable
(does not affect Secure Boot)
|
|
upstream |
Released
(2.06-5)
|
|
xenial |
Not vulnerable
(does not affect Secure Boot)
|
|
grub2-signed Launchpad, Ubuntu, Debian |
bionic |
Released
(1.187.3~18.04.1)
|
focal |
Released
(1.187.3~20.04.1)
|
|
jammy |
Released
(1.187.3~22.04.1)
|
|
kinetic |
Ignored
(end of life)
|
|
lunar |
Not vulnerable
(1.192)
|
|
mantic |
Not vulnerable
(1.193)
|
|
noble |
Not vulnerable
(1.193)
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
grub2-unsigned Launchpad, Ubuntu, Debian |
bionic |
Released
(2.06-2ubuntu14.1)
|
focal |
Released
(2.06-2ubuntu14)
|
|
jammy |
Released
(2.06-2ubuntu14)
|
|
kinetic |
Ignored
(end of life)
|
|
lunar |
Released
(2.06-2ubuntu15)
|
|
mantic |
Not vulnerable
(2.12~rc1-10ubuntu4)
|
|
noble |
Not vulnerable
(2.12~rc1-12ubuntu2)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.1 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |