A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.

References

bugzilla.redhat.com/show_bug.cgi?id=2138880

lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html

nvd.nist.gov/vuln/detail/CVE-2022-3775

www.cve.org/CVERecord?id=CVE-2022-3775

cbl_mariner 3

veracode 1

openvas 34

cvelist 1

nessus 61

ubuntucve 1

debiancve 1

cve 1

nvd 1

prion 1

mscve 1

debian 3

osv 9

ibm 1

redhat 10

oraclelinux 3

fedora 3

gentoo 1

almalinux 2

rosalinux 2

rocky 2

kaspersky 3

redos 1

photon 2

amazon 1

ubuntu 1

qualysblog 1

mskb 11

hp 2

rapid7blog 1

avleonov 1

cbl_mariner

CVE-2022-3775 affecting package grub2 for versions less than 2.06-10

2023-06-27 20:56:13

CVE-2022-3775 affecting package grub2 for versions less than 2.06-14

2024-03-19 17:21:46

CVE-2022-3775 affecting package grub2 2.06~rc1-9

2023-03-02 04:18:34

veracode

Denial Of Service (DoS)

2022-11-20 23:05:07

openvas

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2023-1595)

2023-04-13 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:4142-1)

2022-11-22 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:4302-1)

2022-12-02 00:00:00

cvelist

CVE-2022-3775

2022-12-19 00:00:00

nessus

EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2023-1595)

2023-04-13 00:00:00

CBL Mariner 2.0 Security Update: grub2 (CVE-2022-3775)

2024-07-03 00:00:00

EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2023-1636)

2023-04-27 00:00:00

ubuntucve

CVE-2022-3775

2022-12-19 00:00:00

debiancve

CVE-2022-3775

2022-12-19 20:15:11

cve

CVE-2022-3775

2022-12-19 20:15:11

nvd

CVE-2022-3775

2022-12-19 20:15:11

prion

Heap overflow

2022-12-19 20:15:00

mscve

Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences

2024-08-13 07:00:00

debian

[SECURITY] [DLA 3190-1] grub2 security update

2022-11-16 09:12:12

[SECURITY] [DLA 3190-2] grub2 security update

2022-12-10 08:22:59

[SECURITY] [DSA 5280-1] grub2 security update

2022-11-15 19:50:06

osv

grub2 - security update

2022-11-16 00:00:00

grub2-2.06-31.1 on GA media

2024-06-15 00:00:00

Moderate: grub2 security update

2023-01-09 14:23:31

ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Linux Kernel Buffer overflow and denial of service vulnerabilities( CVE-2022-2601, CVE-2022-3775)

2023-07-05 21:12:35

redhat

(RHSA-2022:8978) Moderate: grub2 security and bug fix update

2022-12-13 15:31:13

(RHSA-2023:0752) Moderate: grub2 security update

2023-02-14 09:02:50

(RHSA-2023:0047) Moderate: grub2 security update

2023-01-09 14:22:15

oraclelinux

grub2 security update

2023-01-25 00:00:00

grub2 security update

2023-06-13 00:00:00

grub2 security update

2023-01-12 00:00:00

fedora

[SECURITY] Fedora 37 Update: grub2-2.06-63.fc37

2022-11-18 01:18:26

[SECURITY] Fedora 35 Update: grub2-2.06-14.fc35

2022-12-01 01:39:11

[SECURITY] Fedora 36 Update: grub2-2.06-57.fc36

2022-11-27 01:37:59

gentoo

GRUB: Multiple Vulnerabilities

2023-11-25 00:00:00

almalinux

Moderate: grub2 security update

2023-02-14 00:00:00

Moderate: grub2 security update

2023-01-09 00:00:00

rosalinux

Advisory ROSA-SA-2024-2348

2024-02-20 08:52:02

Advisory ROSA-SA-2024-2461

2024-07-31 09:54:19

rocky

grub2 security update

2023-02-16 06:35:52

grub2 security update

2023-01-09 14:23:31

kaspersky

KLA71482 Multiple vulnerabilities in Microsoft Mariner

2024-08-13 00:00:00

KLA71485 Multiple vulnerabilities in Microsoft Products (ESU)

2024-08-13 00:00:00

KLA71484 Multiple vulnerabilities in Microsoft Windows

2024-08-13 00:00:00

redos

ROS-20240403-05

2024-04-03 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-4.0-0303

2022-12-21 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0507

2022-12-21 00:00:00

amazon

Important: grub2

2023-07-17 17:40:00

ubuntu

GRUB2 vulnerabilities

2023-09-08 00:00:00

qualysblog

Microsoft and Adobe Patch Tuesday, August 2024 Security Update Review

2024-08-13 20:31:30

mskb

August 13, 2024—KB5041851 (Monthly Rollup)

2024-08-13 07:00:00

August 13, 2024—KB5041782 (OS Build 10240.20751)

2024-08-13 07:00:00

August 13, 2024—KB5041828 (Monthly Rollup)

2024-08-13 07:00:00

HP ThinPro 8.0 SP 7 Security Updates

2024-01-26 00:00:00

HP ThinPro 8.0 SP 8 Security Updates

2024-03-01 00:00:00

rapid7blog

Patch Tuesday - August 2024

2024-08-13 23:36:30

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

Percentile

12.9%

JSON

Related for RH:CVE-2022-3775