Oval Definition:oval:org.opensuse.security:def:20223775
Revision Date:2023-06-22
Version:1
Title:CVE-2022-3775
Description:

When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the given glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
Family:unix
Class:vulnerability
Status:
Reference(s):Mitre CVE-2022-3775
SUSE CVE-2022-3775
SUSE-SU-2022:4140-1
SUSE-SU-2022:4141-1
SUSE-SU-2022:4142-1
SUSE-SU-2022:4143-1
SUSE-SU-2022:4144-1
SUSE-SU-2022:4218-1
SUSE-SU-2022:4219-1
SUSE-SU-2022:4302-1
SUSE-IU-2022:1143-1
SUSE-IU-2022:1144-1
SUSE-IU-2022:1145-1
SUSE-IU-2022:1146-1
SUSE-IU-2022:1147-1
SUSE-IU-2022:1149-1
SUSE-SU-2023:1701-1
TID000021048
Platform(s):openSUSE Leap Micro 5.3
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • openSUSE Leap Micro 5.3 is installed
  • AND Package Information
  • grub2-2.06-150400.11.17.1 is installed
  • AND grub2 is signed with openSUSE key
  • OR
  • grub2-arm64-efi-2.06-150400.11.17.1 is installed
  • AND grub2-arm64-efi is signed with openSUSE key
  • OR
  • grub2-i386-pc-2.06-150400.11.17.1 is installed
  • AND grub2-i386-pc is signed with openSUSE key
  • OR
  • grub2-snapper-plugin-2.06-150400.11.17.1 is installed
  • AND grub2-snapper-plugin is signed with openSUSE key
  • OR
  • grub2-x86_64-efi-2.06-150400.11.17.1 is installed
  • AND grub2-x86_64-efi is signed with openSUSE key
  • OR
  • grub2-x86_64-xen-2.06-150400.11.17.1 is installed
  • AND grub2-x86_64-xen is signed with openSUSE key
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.3 is installed
  • AND Package Information
  • grub2-2.06-150400.11.17.1 is installed
  • OR grub2-arm64-efi-2.06-150400.11.17.1 is installed
  • OR grub2-i386-pc-2.06-150400.11.17.1 is installed
  • OR grub2-s390x-emu-2.06-150400.11.17.1 is installed
  • OR grub2-snapper-plugin-2.06-150400.11.17.1 is installed
  • OR grub2-x86_64-efi-2.06-150400.11.17.1 is installed
  • OR grub2-x86_64-xen-2.06-150400.11.17.1 is installed
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • grub2-2.06-150500.27.4 is installed
  • OR grub2-arm64-efi-2.06-150500.27.4 is installed
  • OR grub2-i386-pc-2.06-150500.27.4 is installed
  • OR grub2-powerpc-ieee1275-2.06-150500.27.4 is installed
  • OR grub2-s390x-emu-2.06-150500.27.4 is installed
  • OR grub2-snapper-plugin-2.06-150500.27.4 is installed
  • OR grub2-systemd-sleep-plugin-2.06-150500.27.4 is installed
  • OR grub2-x86_64-efi-2.06-150500.27.4 is installed