When rendering certain unicode sequences, grub2\'s font code doesn\'t proper validate if the informed glyph\'s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\'s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
Find out more about CVE-2022-3775 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
Product Name | Status | Defect | Fixed | Downloads |
---|---|---|---|---|
Linux | ||||
Wind River Linux LTS 17 | Fixed |
LIN10-10809 |
10.17.41.27 | -- |
Wind River Linux 8 | Requires LTSS | -- | -- | -- |
Wind River Linux 9 | Requires LTSS | -- | -- | -- |
Wind River Linux 7 | Requires LTSS | -- | -- | -- |
Wind River Linux LTS 21 | Fixed |
LIN1021-4773 |
10.21.20.15 | -- |
Wind River Linux LTS 22 | Fixed |
LIN1022-2422 |
10.22.33.4 | -- |
Wind River Linux LTS 18 | Fixed |
LIN1018-10021 |
10.18.44.29 | -- |
Wind River Linux LTS 19 | Fixed |
LIN1019-9104 |
10.19.45.27 | -- |
Wind River Linux CD release | Fixed |
LINCD-10893 |
10.23.5.0 | -- |
Wind River Linux 6 | Requires LTSS | -- | -- | -- |
Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 24 | Fixed | -- | 10.23.5.0 | -- |
VxWorks | ||||
VxWorks 7 | Not Vulnerable | -- | -- | -- |
VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
Helix Virtualization Platform Cert Edition | ||||
Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
eLxr | ||||
eLxr 12 | Not Vulnerable | -- | -- | -- |
Product Name | Status | Defect | Fixed | Downloads |
---|