CVE-2022-2601 & CVE-2022-3775: Multiple GRUB2 vulnerabilities

Brocade Fabric OS


21212

29 November 2022

29 November 2022

Closed

Low

Multiple

No

CVE-2022-2601, CVE-2022-3775

Summary

Security Advisory ID: BSA-2022-2139

Component: GRUB2

Revision: 1.0

Brocade PSIRT has become aware of two GRUB2 vulnerabilities.

  • CVE-2022-2601 grub2: A buffer overflow in grub_font_construct_glyph() can lead to an out-of-bounds write and a possible Secure Boot bypass

A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can cause an integer overflow when the max_glyph_size value is calculated, so a buffer smaller than needed is allocated for the glyph. Writing the glyph into that buffer then becomes a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the Secure Boot mechanism.

CVSS Score: 6.4 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

  • CVE-2022-3775 grub2: Heap-based out-of-bounds write when rendering certain Unicode sequences

When rendering certain Unicode sequences, GRUB2's font code does not properly validate that the glyph's declared width and height fit within the bitmap size. As a consequence, an attacker can craft an input that leads to an out-of-bounds write into GRUB2's heap, causing memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.

CVSS Score: 6.3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
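Both CVEs above come down to the same class of defect: a buffer size derived from attacker-controlled font fields with unchecked arithmetic (CVE-2022-2601), and a glyph whose declared dimensions are never compared against the bitmap actually present (CVE-2022-3775). The following is an added illustration written for this advisory, not GRUB2's own code; the glyph fields, function names and the 32-bit size computation are simplified assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Vulnerable pattern (hypothetical, modelled on the CVE-2022-2601
 * description): the size is computed from font-supplied width/height with
 * unchecked 32-bit arithmetic. Large values wrap the product, a too-small
 * buffer is allocated, and copying the real glyph into it becomes a heap
 * out-of-bounds write. */
size_t glyph_bytes_unchecked(uint32_t width, uint32_t height)
{
    uint32_t bits = width * height;        /* wraps modulo 2^32 */
    return (size_t)((bits + 7) / 8);
}

/* Hardened pattern: reject zero dimensions, detect the multiplication
 * overflow before it happens, and refuse any glyph whose declared
 * width x height exceeds the bitmap bytes actually present in the file
 * (the check missing in CVE-2022-3775). Returns 0 when the glyph is
 * rejected; a valid glyph never has size 0. */
size_t glyph_bytes_checked(uint32_t width, uint32_t height,
                           uint32_t bitmap_bytes)
{
    uint64_t bits;
    if (width == 0 || height == 0)
        return 0;
    if (width > UINT32_MAX / height)       /* width * height would overflow */
        return 0;
    bits = (uint64_t)width * height;
    if (bits > (uint64_t)bitmap_bytes * 8) /* glyph larger than its bitmap */
        return 0;
    return (size_t)((bits + 7) / 8);
}

int main(void)
{
    /* Constructed inputs: a sane 16x16 glyph and a hostile 65536x65536 one. */
    printf("unchecked 16x16      -> %zu bytes\n", glyph_bytes_unchecked(16, 16));
    printf("unchecked 65536x65536-> %zu bytes (wrapped to zero)\n",
           glyph_bytes_unchecked(0x10000u, 0x10000u));
    printf("checked   65536x65536-> %zu (rejected)\n",
           glyph_bytes_checked(0x10000u, 0x10000u, 0));
    printf("checked   16x17/32B  -> %zu (rejected, exceeds bitmap)\n",
           glyph_bytes_checked(16, 17, 32));
    return 0;
}
```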

Products Under Investigation

Brocade Active Support Connectivity Gateway (ASC-G)

Products Confirmed Not Affected

  • Brocade Fabric OS
  • Brocade SANnav

Note

Brocade SANnav Docker products are not vulnerable to these vulnerabilities. However, since the environment that runs the products is not under Brocade's control, Brocade recommends that customers apply their vendors' recommendations.

SANnav scripts and application code in OVA or other deployments do not use GRUB2 functions.

Revision History

Version   Change                Date
1.0       Initial Publication   Nov 29, 2022