PT-2022-6168 · Grub2+10 · Grub2+10

Marco Benatto

·

Published

2022-06-07

·

Updated

2026-03-26

·

CVE-2021-3695

CVSS v3.1

4.5

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions grub2 versions prior to 2.12
Description A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area, potentially causing heap data corruption or arbitrary code execution, and circumventing secure boot protections. The issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve significant results. The values written into the memory are repeated three times in a row, making it difficult to produce valid payloads.
Recommendations For grub2 versions prior to 2.12, update to version 2.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted 16-bit grayscale PNG images to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2022:5095
ALSA-2022:5099
ALT-PU-2023-1427
ALT-PU-2023-6074
ALT-PU-2024-11222
AZL-31034
AZL-34783
BDU:2023-00286
CESA-2022_5095
CVE-2021-3695
OESA-2022-1734
OPENSUSE-SU-2022_2035-1
OPENSUSE-SU-2022_2064-1
OPENSUSE-SU-2024:12137-1
RHSA-2022:5095
RHSA-2022:5096
RHSA-2022:5098
RHSA-2022:5099
RHSA-2022:5100
RHSA-2022_5095
RHSA-2022_5099
RLSA-2022:5095
RLSA-2022:5099
SUSE-SU-2022:2035-1
SUSE-SU-2022:2036-1
SUSE-SU-2022:2037-1
SUSE-SU-2022:2038-1
SUSE-SU-2022:2039-1
SUSE-SU-2022:2041-1
SUSE-SU-2022:2064-1
SUSE-SU-2022:2073-1
SUSE-SU-2022:2074-1
SUSE-SU-2022_2035-1
SUSE-SU-2022_2036-1
SUSE-SU-2022_2037-1
SUSE-SU-2022_2038-1
SUSE-SU-2022_2039-1
SUSE-SU-2022_2041-1
SUSE-SU-2022_2064-1
SUSE-SU-2022_2074-1
USN-6355-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Grub2