ROSA LABROSA-SA-2024-2348Advisory ROSA-SA-2024-2348
8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
Low
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.4%
Software: grub2 2.02
OS: rosa-server79
package_evr_string: grub2-2.02-0.87.0.1.res7.11
CVE-ID: CVE-2022-2601
BDU-ID: 2022-06819
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the grub_font_construct_glyph() function of the Grub2 operating systems boot loader is related to an operation exceeding buffer boundaries in memory when processing specially designed fonts in pf2 format. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: Execute the yum update grub2 command to close it.
CVE-ID: CVE-2022-3775
BDU-ID: 2022-06820
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Grub2 operating system boot loader is related to an operation exceeding buffer boundaries in memory when rendering certain Unicode sequences in a specially designed font. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run yum update grub2
Related
8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
Low
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.4%