Astra Linux – Vulnerability in grub2

A buffer overflow was detected in grubfontconstructglyph. A maliciously crafted pf2 font can cause an overflow when calculating the maxglyphsize value. This results in allocating a buffer that is smaller than necessary for the glyph, leading to another buffer overflow and an out-of-bounds write t...

CentOS 7 : grub2 (RHSA-2024:2002)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2002 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocatin...

Amazon Linux 2 : grub2 (ALAS-2023-2146)

The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2146 advisory. A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows ...

SUSE CVE-2022-2601

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2023-1317)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass

A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention...

DEBIAN-CVE-2022-2601

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

AZL-11604 CVE-2022-2601 affecting package grub2 for versions less than 2.06-8

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

AZL-34787 CVE-2022-2601 affecting package grub2 for versions less than 2.06-14

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

CVE-2022-2601

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

CVE-2022-2601

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

CVE-2022-2601

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

UBUNTU-CVE-2022-2601

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

CVE-2022-2601

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

CVE-2022-2601

The CVE-2022-2601 issue is a vulnerability in grub2’s font rendering path: a crafted pf2 font causes an overflow in grub_font_construct_glyph(), which can allocate too small a buffer for a glyph and trigger a heap-based out-of-bounds write. This vulnerability can be exploited to bypass Secure Boo...

grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass

A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention...

The vulnerability of the grub_font_construct_glyph() function, a loader for the Grub2 operating system, allows a hacker to execute arbitrary code.

The vulnerability of the grubfontconstructglyph function, a part of the Grub2 operating system loader, is related to the issue where an operation goes beyond the buffer boundaries in memory when processing specially formatted glyphs in the pf2 format. Exploiting this vulnerability allows an...

CVE-2022-2601

A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention...