CVE-2022-3775

HIGH

GRUB2 < 2.06 - Out-of-bounds Write via Unicode Glyph Rendering

Title source: llm
STIX 2.1

Description

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

References (2)

Core 2
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202311-14

Scores

CVSS v3 7.1
EPSS 0.0087
EPSS Percentile 54.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (3)
None/grub2 All up to 2.06
gnu/grub2 < 2.06
redhat/enterprise_linux 8.0
Published Dec 19, 2022
Tracked Since Feb 18, 2026