CVE 2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
Related bugs and status
CVE-2022-3775 (Candidate) is related to these bugs:
Bug #1958623: encounter general protection fault while pxe booting from MaaS server
Bug #1987924: GRUB may execute the kernel w/ dirty instruction cache on arm64
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu) | High | Fix Released | ||
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu Bionic) | High | Fix Released | ||
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu Focal) | High | Fix Released | ||
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu Jammy) | High | Fix Released | ||
| 1987924 | GRUB may execute the kernel w/ dirty instruction cache on arm64 | grub2-unsigned (Ubuntu Kinetic) | High | Fix Released | ||
Bug #1989446: [SRU] unable to boot guest with large memory when SEV is enabled on host
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1989446 | [SRU] unable to boot guest with large memory when SEV is enabled on host | grub2-unsigned (Ubuntu) | High | Fix Released | ||
| 1989446 | [SRU] unable to boot guest with large memory when SEV is enabled on host | grub2-unsigned (Ubuntu Jammy) | High | Fix Released | ||
| 1989446 | [SRU] unable to boot guest with large memory when SEV is enabled on host | grub2-unsigned (Ubuntu Focal) | High | Fix Released | ||
| 1989446 | [SRU] unable to boot guest with large memory when SEV is enabled on host | grub2-unsigned (Ubuntu Kinetic) | High | Fix Released | ||
Bug #1995751: update to 2.04-1ubuntu47.4 drops zz-update-grub
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2 (Ubuntu) | Critical | Invalid | ||
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2-unsigned (Ubuntu) | Undecided | Confirmed | ||
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2-unsigned (Ubuntu Bionic) | Undecided | In Progress | ||
| 1995751 | update to 2.04-1ubuntu47.4 drops zz-update-grub | grub2-unsigned (Ubuntu Focal) | Undecided | Fix Released | ||
Bug #1996950: CVE-2022-2601, CVE-2022-3775: font security fixes
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Kinetic) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Focal) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Jammy) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Lunar) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-unsigned (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Focal) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Jammy) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Kinetic) | Undecided | Fix Released | ||
| 1996950 | CVE-2022-2601, CVE-2022-3775: font security fixes | grub2-signed (Ubuntu Lunar) | Undecided | Fix Released | ||
Bug #1997006: grub TDX enablement
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1997006 | grub TDX enablement | grub2 (Ubuntu) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2 (Ubuntu Jammy) | Undecided | Invalid | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu Jammy) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2 (Ubuntu Kinetic) | Undecided | Invalid | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu Kinetic) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu Focal) | Undecided | Fix Released | ||
| 1997006 | grub TDX enablement | grub2-unsigned (Ubuntu Bionic) | Undecided | Fix Released | ||
Bug #2008950: Missing modules on arm64 builds of monolithic grub
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2008950 | Missing modules on arm64 builds of monolithic grub | grub2 (Ubuntu) | Undecided | Fix Released | ||
Bug #2020730: [Debian] CVE: CVE-2022-2601/CVE-2022-3775: grub2: multiple CVEs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2020730 | [Debian] CVE: CVE-2022-2601/CVE-2022-3775: grub2: multiple CVEs | StarlingX | High | Fix Released | ||
Bug #2028947: grub2-unsigned/2.12~rc1-4ubuntu1 signing
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | canonical-signing-jobs | Undecided | Fix Released | ||
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | grub2-signed (Ubuntu) | Undecided | Fix Released | ||
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | canonical-signing-jobs task00 | Medium | Fix Released | ||
| 2028947 | grub2-unsigned/2.12~rc1-4ubuntu1 signing | grub2 (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
