
Advisory ROSA-SA-2024-2341

2024-02-14 10:25:29
ROSA LAB
abf.rosalinux.ru
security advisory
grub2
rosa virtualization
vulnerability
medium severity
low severity
buffer boundaries
arbitrary code
sensitive data
denial of service
fixed
yum update

CVSS3: 8.6 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score: 8.4 High
Confidence: High

CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low
Percentile: 22.3%

Software: grub2 2.02
OS: ROSA Virtualization 2.1

package_evr_string: grub2-2.02-148.0.1.rv3

CVE-ID: CVE-2022-2601
BDU-ID: 2022-06819
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the grub_font_construct_glyph() function of the GRUB2 operating system boot loader is related to an operation that exceeds buffer boundaries in memory when processing specially crafted fonts in PF2 format. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: Run yum update grub2 to remediate.

CVE-ID: CVE-2021-3981
BDU-ID: 2023-07627
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the GRUB configuration file is related to its default permission settings. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data.
CVE-STATUS: Fixed
CVE-REV: Run yum update grub2 to remediate.

CVE-ID: CVE-2021-3697
BDU-ID: 2022-06891
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the GRUB configuration file is related to writing beyond buffer boundaries. Exploitation of the vulnerability using a specially crafted JPEG image allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: Run yum update grub2 to remediate.

CVE-ID: CVE-2021-3696
BDU-ID: 2022-06896
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the GRUB configuration file is related to writing beyond buffer boundaries. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: Run yum update grub2 to remediate.

CVE-ID: CVE-2021-3695
BDU-ID: 2023-00286
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the GRUB configuration file is related to writing beyond buffer boundaries. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: Run yum update grub2 to remediate.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ROSA | any | noarch | grub2 | < 2.02 | UNKNOWN |
