CVE-2021-3695
Description
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
Description
grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
Red Hat statement
Due to the nature of the input and how it's processed, a successful attack is considered very complex to be executed, as the same value is written out of bounds three times in a row.
CVSS v3: 7.5 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | grub2-1:2.02-123.el8_6.8 | RHSA-2022:5095 | 2022-06-16T00:00:00Z |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | grub2-1:2.02-87.el8_1.10 | RHSA-2022:5098 | 2022-06-16T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Extended Update Support | grub2-1:2.02-87.el8_2.10 | RHSA-2022:5100 | 2022-06-16T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Extended Update Support | grub2-1:2.02-99.el8_4.9 | RHSA-2022:5096 | 2022-06-16T00:00:00Z |
| Red Hat Enterprise Linux 9 | grub2-1:2.06-27.el9_0.7 | RHSA-2022:5099 | 2022-06-16T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | grub2 | Out of support scope |
Apply commands
```shell
yum update -y grub2
# or:
dnf upgrade -y grub2
```
OS impact
Arch: Affected (1 release)
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
SUSE: Affected (1 release)
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
AlmaLinux: Fixed (1 release)
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | grub2-tools-minimal-2.06-27.el9_0.7.alma.ppc64le.rpm |
Debian: Fixed (5 releases)
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.06-3 |
| sid | Fixed | 2.06-3 |
| forky | Fixed | 2.06-3 |
| bullseye | Fixed | 2.06-3~deb11u1 |
| bookworm | Fixed | 2.06-3 |
Red Hat: Fixed (2 releases)
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux: Fixed (2 releases)
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
References
- https://access.redhat.com/errata/RHSA-2022:5099
- https://www.suse.com/security/cve/CVE-2021-3695.html
- https://errata.rockylinux.org/RLSA-2022:5095
- https://security-tracker.debian.org/tracker/CVE-2021-3695
- https://errata.rockylinux.org/RLSA-2022:5099
- https://access.redhat.com/errata/RHSA-2022:5095
- https://bugzilla.redhat.com/1991685
- https://bugzilla.redhat.com/1991686
- https://bugzilla.redhat.com/1991687
- https://bugzilla.redhat.com/2083339
- https://bugzilla.redhat.com/2090463
- https://bugzilla.redhat.com/2090857
- https://bugzilla.redhat.com/2090899
- https://bugzilla.redhat.com/2092613
- https://errata.almalinux.org/8/ALSA-2022-5095.html
- https://errata.almalinux.org/9/ALSA-2022-5099.html