Vulnerability Name:

CVE-2022-3775 (CCN-243861)

Assigned:2022-10-31
Published:2022-10-31
Updated:2022-12-28
Summary:When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
CVSS v3 Severity:7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
7.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
6.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
7.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
6.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-787
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2022-3775

Source: CCN
Type: Red Hat Bugzilla - BugĀ 2138880
CVE-2022-3775 grub2: Heap based out-of-bounds write when redering certain unicode sequences

Source: XF
Type: UNKNOWN
gnu-grab2-cve20223775-dos(243861)

Source: CCN
Type: grub.git Web site
GNU GRUB

Source: CCN
Type: IBM Security Bulletin 7009911 (Watson Assistant for Cloud Pak for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Linux Kernel Buffer overflow and denial of service vulnerabilities( CVE-2022-2601, CVE-2022-3775)

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-3775

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7519
    P
    		grub2-2.06-150500.27.4 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20230752
    P
    		RHSA-2023:0752: grub2 security update (Moderate)
    2023-02-14
    oval:com.redhat.rhsa:def:20230049
    P
    		RHSA-2023:0049: grub2 security update (Moderate)
    2023-01-09
    oval:org.opensuse.security:def:51563
    P
    		Security update for grub2 (Important)
    2022-11-21
    oval:org.opensuse.security:def:51958
    P
    		Security update for grub2 (Important)
    2022-11-21
    BACK