UBUNTU-CVE-2022-2601

Source
https://ubuntu.com/security/CVE-2022-2601
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-2601.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-2601
Related
Published
2022-12-14T21:15:00Z
Modified
2024-11-20T12:23:02Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A buffer overflow was found in grubfontconstructglyph(). A malicious crafted pf2 font can lead to an overflow when calculating the maxglyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

References

Affected packages

Ubuntu:Pro:14.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22
1.23
1.24
1.25
1.26
1.27
1.30
1.31
1.32
1.33
1.34
1.34.1
1.34.2
1.34.3
1.34.4
1.34.5
1.34.6
1.34.7
1.34.8
1.34.9
1.34.13
1.34.14
1.34.16
1.34.17
1.34.18
1.34.20
1.34.22
1.34.24

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.55
1.56
1.57
1.58
1.59
1.61
1.62
1.63
1.64
1.65
1.66
1.66.1
1.66.2
1.66.6
1.66.7
1.66.8
1.66.9
1.66.11
1.66.12
1.66.14
1.66.15
1.66.16
1.66.17
1.66.18
1.66.19
1.66.20
1.66.21
1.66.22
1.66.23
1.66.26
1.66.27
1.66.28
1.66.29
1.167~16.04.1
1.167~16.04.2
1.167~16.04.4
1.167~16.04.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.04-1ubuntu44
2.04-1ubuntu44.1
2.04-1ubuntu44.1.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.187.3~18.04.1

Affected versions

1.*

1.85
1.86
1.87
1.89
1.91
1.92
1.93
1.93.1
1.93.2
1.93.3
1.93.4
1.93.5
1.93.7
1.93.8
1.93.10
1.93.11
1.93.13
1.93.14
1.93.15
1.93.16
1.93.18
1.93.19
1.93.20
1.93.21
1.93.22
1.93.24
1.167~18.04.1
1.167~18.04.3
1.167~18.04.5
1.173.2~18.04.1
1.187.2~18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.187.3~18.04.1+2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64-signed"
        },
        {
            "binary_version": "1.187.3~18.04.1+2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64-signed"
        }
    ]
}

Ubuntu:18.04:LTS / grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.06-2ubuntu14.1

Affected versions

2.*

2.04-1ubuntu44
2.04-1ubuntu44.1
2.04-1ubuntu44.1.2
2.04-1ubuntu47.4
2.06-2ubuntu14

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64-bin"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64-dbg"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64-bin"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64-dbg"
        }
    ]
}

Ubuntu:20.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.187.3~20.04.1

Affected versions

1.*

1.128
1.129
1.130
1.131
1.133
1.134
1.135
1.136
1.137
1.138
1.139
1.140
1.141
1.142
1.142.1
1.142.3
1.142.4
1.142.5
1.142.6
1.142.8
1.142.9
1.142.10
1.142.11
1.167
1.167.2
1.173.2~20.04.1
1.173.4
1.187.2~20.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.187.3~20.04.1+2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64-signed"
        },
        {
            "binary_version": "1.187.3~20.04.1+2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64-signed"
        }
    ]
}

Ubuntu:20.04:LTS / grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.06-2ubuntu14.1

Affected versions

2.*

2.04-1ubuntu44
2.04-1ubuntu44.2
2.04-1ubuntu47.4
2.04-1ubuntu47.5
2.06-2ubuntu14

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64-bin"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64-dbg"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64-bin"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64-dbg"
        }
    ]
}

Ubuntu:22.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.187.3~22.04.1

Affected versions

1.*

1.173
1.174
1.176
1.177
1.178
1.179
1.180
1.182~22.04.1
1.187.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.187.3~22.04.1+2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64-signed"
        },
        {
            "binary_version": "1.187.3~22.04.1+2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64-signed"
        }
    ]
}

Ubuntu:22.04:LTS / grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.06-2ubuntu14.1

Affected versions

2.*

2.04-1ubuntu47
2.04-1ubuntu48
2.06-2ubuntu3
2.06-2ubuntu4
2.06-2ubuntu5
2.06-2ubuntu6
2.06-2ubuntu7
2.06-2ubuntu10
2.06-2ubuntu14

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64-bin"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-amd64-dbg"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64-bin"
        },
        {
            "binary_version": "2.06-2ubuntu14.1",
            "binary_name": "grub-efi-arm64-dbg"
        }
    ]
}