OESA-2022-2118

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2118
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-2118.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-2118
Upstream
Published
2022-11-25T11:04:39Z
Modified
2025-08-12T05:13:11.674381Z
Summary
grub2 security update
Details

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Briefly, a boot loader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel software (such as the Hurd or Linux). The kernel, in turn, initializes the rest of the operating system (e.g. GNU).

Security Fix(es):

A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and Secure Boot circumvention. (CVE-2022-2601)

A flaw was found in the grub2 font code. When rendering certain Unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service. (CVE-2022-3775)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / grub2

Package

Name
grub2
Purl
pkg:rpm/openEuler/grub2&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.04-26.oe1

Ecosystem specific

{
    "x86_64": [
        "grub2-debuginfo-2.04-26.oe1.x86_64.rpm",
        "grub2-tools-minimal-2.04-26.oe1.x86_64.rpm",
        "grub2-tools-2.04-26.oe1.x86_64.rpm",
        "grub2-efi-x64-2.04-26.oe1.x86_64.rpm",
        "grub2-debugsource-2.04-26.oe1.x86_64.rpm",
        "grub2-efi-ia32-cdboot-2.04-26.oe1.x86_64.rpm",
        "grub2-pc-2.04-26.oe1.x86_64.rpm",
        "grub2-efi-x64-cdboot-2.04-26.oe1.x86_64.rpm",
        "grub2-tools-extra-2.04-26.oe1.x86_64.rpm",
        "grub2-efi-ia32-2.04-26.oe1.x86_64.rpm",
        "grub2-tools-efi-2.04-26.oe1.x86_64.rpm"
    ],
    "src": [
        "grub2-2.04-26.oe1.src.rpm"
    ],
    "noarch": [
        "grub2-common-2.04-26.oe1.noarch.rpm",
        "grub2-help-2.04-26.oe1.noarch.rpm",
        "grub2-efi-aa64-modules-2.04-26.oe1.noarch.rpm",
        "grub2-pc-modules-2.04-26.oe1.noarch.rpm",
        "grub2-efi-ia32-modules-2.04-26.oe1.noarch.rpm",
        "grub2-efi-x64-modules-2.04-26.oe1.noarch.rpm"
    ],
    "aarch64": [
        "grub2-debugsource-2.04-26.oe1.aarch64.rpm",
        "grub2-tools-minimal-2.04-26.oe1.aarch64.rpm",
        "grub2-efi-aa64-2.04-26.oe1.aarch64.rpm",
        "grub2-tools-2.04-26.oe1.aarch64.rpm",
        "grub2-debuginfo-2.04-26.oe1.aarch64.rpm",
        "grub2-tools-extra-2.04-26.oe1.aarch64.rpm",
        "grub2-efi-aa64-cdboot-2.04-26.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / grub2

Package

Name
grub2
Purl
pkg:rpm/openEuler/grub2&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.04-26.oe1

Ecosystem specific

{
    "x86_64": [
        "grub2-debuginfo-2.04-26.oe1.x86_64.rpm",
        "grub2-tools-extra-2.04-26.oe1.x86_64.rpm",
        "grub2-tools-2.04-26.oe1.x86_64.rpm",
        "grub2-efi-ia32-2.04-26.oe1.x86_64.rpm",
        "grub2-tools-minimal-2.04-26.oe1.x86_64.rpm",
        "grub2-efi-ia32-cdboot-2.04-26.oe1.x86_64.rpm",
        "grub2-pc-2.04-26.oe1.x86_64.rpm",
        "grub2-efi-x64-cdboot-2.04-26.oe1.x86_64.rpm",
        "grub2-tools-efi-2.04-26.oe1.x86_64.rpm",
        "grub2-efi-x64-2.04-26.oe1.x86_64.rpm",
        "grub2-debugsource-2.04-26.oe1.x86_64.rpm"
    ],
    "src": [
        "grub2-2.04-26.oe1.src.rpm"
    ],
    "noarch": [
        "grub2-efi-aa64-modules-2.04-26.oe1.noarch.rpm",
        "grub2-efi-x64-modules-2.04-26.oe1.noarch.rpm",
        "grub2-pc-modules-2.04-26.oe1.noarch.rpm",
        "grub2-common-2.04-26.oe1.noarch.rpm",
        "grub2-help-2.04-26.oe1.noarch.rpm",
        "grub2-efi-ia32-modules-2.04-26.oe1.noarch.rpm"
    ],
    "aarch64": [
        "grub2-debuginfo-2.04-26.oe1.aarch64.rpm",
        "grub2-tools-2.04-26.oe1.aarch64.rpm",
        "grub2-tools-minimal-2.04-26.oe1.aarch64.rpm",
        "grub2-tools-extra-2.04-26.oe1.aarch64.rpm",
        "grub2-efi-aa64-cdboot-2.04-26.oe1.aarch64.rpm",
        "grub2-debugsource-2.04-26.oe1.aarch64.rpm",
        "grub2-efi-aa64-2.04-26.oe1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS / grub2

Package

Name
grub2
Purl
pkg:rpm/openEuler/grub2&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.06-15.oe2203

Ecosystem specific

{
    "x86_64": [
        "grub2-tools-extra-2.06-15.oe2203.x86_64.rpm",
        "grub2-pc-2.06-15.oe2203.x86_64.rpm",
        "grub2-tools-2.06-15.oe2203.x86_64.rpm",
        "grub2-efi-x64-2.06-15.oe2203.x86_64.rpm",
        "grub2-efi-x64-cdboot-2.06-15.oe2203.x86_64.rpm",
        "grub2-efi-ia32-cdboot-2.06-15.oe2203.x86_64.rpm",
        "grub2-debuginfo-2.06-15.oe2203.x86_64.rpm",
        "grub2-debugsource-2.06-15.oe2203.x86_64.rpm",
        "grub2-tools-minimal-2.06-15.oe2203.x86_64.rpm",
        "grub2-efi-ia32-2.06-15.oe2203.x86_64.rpm",
        "grub2-tools-efi-2.06-15.oe2203.x86_64.rpm"
    ],
    "src": [
        "grub2-2.06-15.oe2203.src.rpm"
    ],
    "noarch": [
        "grub2-efi-aa64-modules-2.06-15.oe2203.noarch.rpm",
        "grub2-pc-modules-2.06-15.oe2203.noarch.rpm",
        "grub2-common-2.06-15.oe2203.noarch.rpm",
        "grub2-efi-ia32-modules-2.06-15.oe2203.noarch.rpm",
        "grub2-efi-x64-modules-2.06-15.oe2203.noarch.rpm",
        "grub2-help-2.06-15.oe2203.noarch.rpm"
    ],
    "aarch64": [
        "grub2-debugsource-2.06-15.oe2203.aarch64.rpm",
        "grub2-debuginfo-2.06-15.oe2203.aarch64.rpm",
        "grub2-efi-aa64-2.06-15.oe2203.aarch64.rpm",
        "grub2-tools-extra-2.06-15.oe2203.aarch64.rpm",
        "grub2-tools-2.06-15.oe2203.aarch64.rpm",
        "grub2-efi-aa64-cdboot-2.06-15.oe2203.aarch64.rpm",
        "grub2-tools-minimal-2.06-15.oe2203.aarch64.rpm"
    ]
}