CVE 2022-2601
A buffer overflow was found in grub_font_
Related bugs and status
CVE-2022-2601 (Candidate) is related to these bugs:
Bug #1958623: encounter general protection fault while pxe booting from MaaS server
Bug #1987924: GRUB may execute the kernel w/ dirty instruction cache on arm64
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu) | High | Fix Released | ||
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu Bionic) | High | Fix Released | ||
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu Focal) | High | Fix Released | ||
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu Jammy) | High | Fix Released | ||
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu Kinetic) | High | Fix Released | ||
Bug #1989446: [SRU] unable to boot guest with large memory when SEV is enabled on host
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1989446 | [SRU] unable to boot guest with large memory when SEV is enabled on host | grub2-unsigned (Ubuntu) | High | Fix Released | ||
| 1989446 | [SRU] unable to boot guest with large memory when SEV is enabled on host | grub2-unsigned (Ubuntu Jammy) | High | Fix Released | ||
| 1989446 | [SRU] unable to boot guest with large memory when SEV is enabled on host | grub2-unsigned (Ubuntu Focal) | High | Fix Released | ||
| 1989446 | [SRU] unable to boot guest with large memory when SEV is enabled on host | grub2-unsigned (Ubuntu Kinetic) | High | Fix Released | ||
Bug #1995751: update to 2.04-1ubuntu47.4 drops zz-update-grub
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2 (Ubuntu) | Critical | Invalid | ||
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2-unsigned (Ubuntu) | Undecided | Confirmed | ||
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2-unsigned (Ubuntu Bionic) | Undecided | In Progress | ||
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2-unsigned (Ubuntu Focal) | Undecided | Fix Released | ||
Bug #1996950: CVE-2022-2601, CVE-2022-3775: font security fixes
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Kinetic) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Focal) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Jammy) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Lunar) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Focal) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Jammy) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Kinetic) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Lunar) | Undecided | Fix Released | ||
Bug #1997006: grub TDX enablement
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1997006 | grub TDX enablement | grub2 (Ubuntu) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2 (Ubuntu Jammy) | Undecided | Invalid | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu Jammy) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2 (Ubuntu Kinetic) | Undecided | Invalid | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu Kinetic) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu Focal) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu Bionic) | Undecided | Fix Released | ||
Bug #2008950: Missing modules on arm64 builds of monolithic grub
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2008950 | Missing modules on arm64 builds of monolithic grub | grub2 (Ubuntu) | Undecided | Fix Released | ||
Bug #2020730: [Debian] CVE: CVE-2022-2601/CVE-2022-3775: grub2: multiple CVEs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2020730 | [Debian] CVE: CVE-2022-2601/CVE-2022-3775: grub2: multiple CVEs | StarlingX | High | Fix Released | ||
Bug #2028947: grub2-unsigned/2.12~rc1-4ubuntu1 signing
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | canonical-signing-jobs | Undecided | Fix Released | ||
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | grub2-signed (Ubuntu) | Undecided | Fix Released | ||
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | canonical-signing-jobs task00 | Medium | Fix Released | ||
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | grub2 (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
