CVE-2022-2601

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2601

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2601.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-2601

Downstream

DEBIAN-CVE-2022-2601

DLA-3190-1

DLA-3190-2

DSA-5280-1

OESA-2022-2118

RHSA-2022:8494

RHSA-2022:8800

RHSA-2022:8978

RHSA-2023:0047

RHSA-2023:0048

RHSA-2023:0049

RHSA-2023:0752

RHSA-2024:2002

SUSE-SU-2022:4140-1

SUSE-SU-2022:4141-1

SUSE-SU-2022:4142-1

SUSE-SU-2022:4143-1

SUSE-SU-2022:4144-1

SUSE-SU-2022:4218-1

SUSE-SU-2022:4219-1

SUSE-SU-2022:4302-1

SUSE-SU-2023:1701-1

UBUNTU-CVE-2022-2601

openSUSE-SU-2024:12517-1

Related

Published

2022-12-14T21:15:10Z

Modified

2025-08-09T20:01:26Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A buffer overflow was found in grubfontconstructglyph(). A malicious crafted pf2 font can lead to an overflow when calculating the maxglyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

References

Affected packages