Oval Definition: oval:org.opensuse.security:def:20222601
Revision Date: 2023-06-22
Version: 1
Title: CVE-2022-2601
Description:

A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can cause an overflow when the max_glyph_size value is calculated, so that a smaller than needed buffer is allocated for the glyph; this in turn leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Family: unix
Class: vulnerability
Status:
Reference(s):
Mitre CVE-2022-2601
SUSE CVE-2022-2601
SUSE-SU-2022:4140-1
SUSE-SU-2022:4141-1
SUSE-SU-2022:4142-1
SUSE-SU-2022:4143-1
SUSE-SU-2022:4144-1
SUSE-SU-2022:4218-1
SUSE-SU-2022:4219-1
SUSE-SU-2022:4302-1
SUSE-IU-2022:1143-1
SUSE-IU-2022:1144-1
SUSE-IU-2022:1145-1
SUSE-IU-2022:1146-1
SUSE-IU-2022:1147-1
SUSE-IU-2022:1149-1
SUSE-SU-2023:1701-1
TID000021048
Platform(s):
openSUSE Leap Micro 5.3
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • openSUSE Leap Micro 5.3 is installed
  • AND Package Information
  • grub2-2.06-150400.11.17.1 is installed
  • AND grub2 is signed with openSUSE key
  • OR
  • grub2-arm64-efi-2.06-150400.11.17.1 is installed
  • AND grub2-arm64-efi is signed with openSUSE key
  • OR
  • grub2-i386-pc-2.06-150400.11.17.1 is installed
  • AND grub2-i386-pc is signed with openSUSE key
  • OR
  • grub2-snapper-plugin-2.06-150400.11.17.1 is installed
  • AND grub2-snapper-plugin is signed with openSUSE key
  • OR
  • grub2-x86_64-efi-2.06-150400.11.17.1 is installed
  • AND grub2-x86_64-efi is signed with openSUSE key
  • OR
  • grub2-x86_64-xen-2.06-150400.11.17.1 is installed
  • AND grub2-x86_64-xen is signed with openSUSE key
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.3 is installed
  • AND Package Information
  • grub2-2.06-150400.11.17.1 is installed
  • OR grub2-arm64-efi-2.06-150400.11.17.1 is installed
  • OR grub2-i386-pc-2.06-150400.11.17.1 is installed
  • OR grub2-s390x-emu-2.06-150400.11.17.1 is installed
  • OR grub2-snapper-plugin-2.06-150400.11.17.1 is installed
  • OR grub2-x86_64-efi-2.06-150400.11.17.1 is installed
  • OR grub2-x86_64-xen-2.06-150400.11.17.1 is installed
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • grub2-2.06-150500.27.4 is installed
  • OR grub2-arm64-efi-2.06-150500.27.4 is installed
  • OR grub2-i386-pc-2.06-150500.27.4 is installed
  • OR grub2-powerpc-ieee1275-2.06-150500.27.4 is installed
  • OR grub2-s390x-emu-2.06-150500.27.4 is installed
  • OR grub2-snapper-plugin-2.06-150500.27.4 is installed
  • OR grub2-systemd-sleep-plugin-2.06-150500.27.4 is installed
  • OR grub2-x86_64-efi-2.06-150500.27.4 is installed