Alpaquita Linux
Security Advisory

CVE-2022-3775

Published: August 31, 2023Last modified: August 31, 2023

Description

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

Severity score breakdown

ParameterValue
Base score7.1
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSgrubNot affected (2.06-r15)
StreamgrubNot affected (2.06-r17)

References

ON THIS PAGE