14 lines
1.5 KiB
JSON
{
  "id": "openEuler-SA-2022-2118",
  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2118",
  "title": "An update for grub2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
  "severity": "Medium",
  "description": "GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.Briefly, a boot loader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel software (such as the Hurd or Linux). The kernel, in turn, initializes the rest of the operating system (e.g. GNU).\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.(CVE-2022-2601)\r\n\r\nA flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.(CVE-2022-3775)",
  "cves": [
    {
      "id": "CVE-2022-3775",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775",
      "severity": "Medium"
    }
  ]
}