Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Red Hat: RHSA-2022-8978-01 Moderate: Grub2 Buffer Overflow and Heap Issues

red hat
Calendar Grey December 13, 2022
Dist Redhat Esm H88
Debian enhances initramfs-tools addressing serious vulnerabilities related to memory corruption and race conditions. Crucial for improved system startup security.
An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104)
* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358)
* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434)
* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)

Topics%20covered

Topics Covered

security advisory buffer overflow moderate severity Red Hat Enterprise boot loader grub2 security

References

https://access.redhat.com/security/cve/CVE-2022-2601 https://access.redhat.com/security/cve/CVE-2022-3775 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux BaseOS EUS (v.9.0):
Source: grub2-2.06-27.el9_0.12.src.rpm
aarch64: grub2-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-debugsource-2.06-27.el9_0.12.aarch64.rpm grub2-efi-aa64-2.06-27.el9_0.12.aarch64.rpm grub2-efi-aa64-cdboot-2.06-27.el9_0.12.aarch64.rpm grub2-emu-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-tools-2.06-27.el9_0.12.aarch64.rpm grub2-tools-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-tools-extra-2.06-27.el9_0.12.aarch64.rpm grub2-tools-extra-debuginfo-2.06-27.el9_0.12.aarch64.rpm grub2-tools-minimal-2.06-27.el9_0.12.aarch64.rpm grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.aarch64.rpm
noarch: grub2-common-2.06-27.el9_0.12.noarch.rpm grub2-efi-aa64-modules-2.06-27.el9_0.12.noarch.rpm grub2-efi-x64-modules-2.06-27.el9_0.12.noarch.rpm grub2-pc-modules-2.06-27.el9_0.12.noarch.rpm grub2-ppc64le-modules-2.06-27.el9_0.12.noarch.rpm
ppc64le: grub2-debuginfo-2.06-27.el9_0.12.ppc64le.rpm grub2-debugsource-2.06-27.el9_0.12.ppc64le.rpm grub2-ppc64le-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-debuginfo-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-extra-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-extra-debuginfo-2.06-27.el9_0.12.ppc64le.rpm grub2-tools-minimal-2.06-27.el9_0.12.ppc64le.rpm

Read the Full Advisory


Advisory ID: RHSA-2022:8978-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8978
Issue date: 2022-12-13

Topic

An update for grub2 is now available for Red Hat Enterprise Linux 9.0Extended Update Support.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory buffer overflow moderate severity Red Hat Enterprise boot loader grub2 security

Relevant Releases Architectures

Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, x86_64

Bugs Fixed

2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass

2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when redering certain unicode sequences

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here