CVE-2022-2601
Description
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can cause an overflow when calculating the max_glyph_size value, so that a smaller-than-needed buffer is allocated for the glyph; this in turn leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
General Information
Vendors
- fedoraproject
- gnu
- redhat
Products
- enterprise linux eus 9.0
- enterprise linux for power little endian eus 9.0
- enterprise linux server aus 8.2
- enterprise linux server for power little endian update services for sap solutions 8.1
- enterprise linux server for power little endian update services for sap solutions 8.2
- enterprise linux server for power little endian update services for sap solutions 9.0
- enterprise linux server tus 8.2
- enterprise linux server update services for sap solutions 8.1
- enterprise linux server update services for sap solutions 8.2
- enterprise linux server update services for sap solutions 9.0
- fedora 37
- grub2