80 matches found
ALSA-2023:0752 Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: Buffer...
RHEL 9 : grub2 (RHSA-2023:0752)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0752 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...
Oracle Linux 8 : grub2 (ELSA-2023-0049)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0049 advisory. - Fix CVE-2022-3775, CVE-2022-2601 Orabug: 34867710 - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 Tenable has extracted the precedi...
Oracle Linux 9 : grub2 (ELSA-2023-12019)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12019 advisory. - Fix CVE-2022-2601 and CVE-2022-3775 Orabug: 34871953 Tenable has extracted the preceding description block directly from the Oracle Linux security...
AlmaLinux 8 : grub2 (ALSA-2023:0049)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0049 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value,...
grub2: Heap based out-of-bounds write when redering certain unicode sequences
A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this...
grub2: Heap based out-of-bounds write when redering certain unicode sequences
A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this...
RHEL 8 : grub2 (RHSA-2023:0048)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0048 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...
CVE-2022-3775
...
CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption an...
CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption an...
Heap overflow
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption an...
CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption an...
CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption an...
RHEL 9 : grub2 (RHSA-2022:8978)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8978 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...
Moderate: Red Hat Security Advisory: grub2 security update
An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...
grub2: Heap based out-of-bounds write when redering certain unicode sequences
A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this...
RHEL 8 : grub2 (RHSA-2022:8800)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8800 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...
SUSE SLES15 Security Update : grub2 (SUSE-SU-2022:4142-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4142-1 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the...
SUSE SLES15 Security Update : grub2 (SUSE-SU-2022:4140-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4140-1 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the...