CVE-2022-2601 & CVE-2022-3775: Multiple GRUB2 vulnerabilities
29 November 2022
Summary
Security Advisory ID : BSA-2022-2139
Component : GRUB2
Revision : 1.0
Brocade PSIRT has become aware of two grub vulnerabilities.
- CVE-2022-2601 grub2: A buffer overflow in grub_font_construct_glyph() can lead to an out-of-bounds write and possible secure boot bypass
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can cause an overflow when the max_glyph_size value is calculated, so that a smaller-than-needed buffer is allocated for the glyph; this in turn leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
CVSS SCORE: 6.4 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- CVE-2022-3775 grub2: Heap-based out-of-bounds write when rendering certain Unicode sequences
When rendering certain Unicode sequences, GRUB2's font code does not properly validate that the given glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input that leads to an out-of-bounds write into GRUB2's heap, causing memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
CVSS SCORE: 6.3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
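Both descriptions above come down to a size that is trusted without checking: an arithmetic overflow that shrinks an allocation (CVE-2022-2601) and glyph dimensions that are not checked against the bitmap they are drawn into (CVE-2022-3775). The following C sketch is an example added to this advisory, not GRUB2 or Brocade code; the struct, the function names and the 32-bit field widths are assumptions, and the overflow builtins are GCC/Clang-specific.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical glyph dimensions in pixels, as read from a font file. */
struct glyph_dims {
    uint32_t width;
    uint32_t height;
};

/* Unsafe pattern: the 32-bit product wraps for large dimensions, so the
 * byte count can be far smaller than the bitmap really needs. */
static uint32_t bitmap_bytes_unchecked(struct glyph_dims g)
{
    return (g.width * g.height + 7) / 8;
}

/* Checked form: returns 0 and stores the byte count, or -1 if the
 * multiplication or the rounding addition would overflow. */
static int bitmap_bytes_checked(struct glyph_dims g, uint32_t *out)
{
    uint32_t bits;
    if (__builtin_mul_overflow(g.width, g.height, &bits))
        return -1;
    if (__builtin_add_overflow(bits, 7u, &bits))
        return -1;
    *out = bits / 8;
    return 0;
}

/* Returns 1 only if a src glyph placed at (x, y) lies fully inside dst.
 * Subtraction is done after the range check so it cannot wrap. */
static int blit_fits(struct glyph_dims dst, struct glyph_dims src,
                     uint32_t x, uint32_t y)
{
    if (x > dst.width || y > dst.height)
        return 0;
    return src.width <= dst.width - x && src.height <= dst.height - y;
}

int main(void)
{
    struct glyph_dims big = { 0x10000u, 0x10000u };  /* constructed input */
    uint32_t n = 0;
    printf("unchecked=%u checked_rc=%d\n",
           (unsigned)bitmap_bytes_unchecked(big), bitmap_bytes_checked(big, &n));
    return 0;
}
```

A loader that rejects the font whenever the checked size calculation fails, and skips any glyph for which the placement check returns 0, never reaches the undersized allocation or the out-of-bounds write.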
Products Under Investigation.
Brocade Active Support Connectivity Gateway (ASC-G)
Products Confirmed Not Affected.
- Brocade Fabric OS.
- Brocade SANnav.
Brocade SANnav Dockers products are not vulnerable to these vulnerabilities. However, since the environment that runs the products is not under Brocade's control, Brocade recommends that customers apply the vendors' recommendations.
SANnav scripts or application code in OVA or other deployments do not use grub2 functions.