Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-3775
Vulnerability from cvelistv5
Published
2022-12-19 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2022-3775"
},
{
"name": "GLSA-202311-14",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All up to 2.06"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When rendering certain unicode sequences, grub2\u0027s font code doesn\u0027t proper validate if the informed glyph\u0027s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\u0027s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-25T12:06:19.532925",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/cve/cve-2022-3775"
},
{
"name": "GLSA-202311-14",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3775",
"datePublished": "2022-12-19T00:00:00",
"dateReserved": "2022-10-31T00:00:00",
"dateUpdated": "2024-08-03T01:20:57.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-3775\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-12-19T20:15:11.427\",\"lastModified\":\"2023-11-25T12:15:07.270\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"When rendering certain unicode sequences, grub2\u0027s font code doesn\u0027t proper validate if the informed glyph\u0027s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\u0027s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.\"},{\"lang\":\"es\",\"value\":\"Al representar ciertas secuencias Unicode, el c\u00f3digo de fuente de grub2 no se valida correctamente si el ancho y alto del glifo informado est\u00e1n restringidos dentro del tama\u00f1o del mapa de bits. Como consecuencia, un atacante puede crear una entrada que provocar\u00e1 una escritura fuera de los l\u00edmites en el mont\u00f3n de grub2, lo que provocar\u00e1 da\u00f1os en la memoria y problemas de disponibilidad. Aunque es compleja, no se puede descartar la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.06\",\"matchCriteriaId\":\"7E48B3B4-3F7F-4169-ABC8-448AA351276E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/cve-2022-3775\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-14\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
rhsa-2022_8800
Vulnerability from csaf_redhat
Published
2022-12-06 08:58
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8800",
"url": "https://access.redhat.com/errata/RHSA-2022:8800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8800.json"
}
],
"title": "Red Hat Security Advisory: grub2 security update",
"tracking": {
"current_release_date": "2024-11-22T21:00:32+00:00",
"generator": {
"date": "2024-11-22T21:00:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:8800",
"initial_release_date": "2022-12-06T08:58:45+00:00",
"revision_history": [
{
"date": "2022-12-06T08:58:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-06T08:58:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T21:00:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.2::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-87.el8_2.11.src",
"product": {
"name": "grub2-1:2.02-87.el8_2.11.src",
"product_id": "grub2-1:2.02-87.el8_2.11.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-87.el8_2.11?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.02-87.el8_2.11.noarch",
"product": {
"name": "grub2-common-1:2.02-87.el8_2.11.noarch",
"product_id": "grub2-common-1:2.02-87.el8_2.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.02-87.el8_2.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-87.el8_2.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"product": {
"name": "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"product_id": "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-87.el8_2.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"product_id": "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-87.el8_2.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"product": {
"name": "grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"product_id": "grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.02-87.el8_2.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"product_id": "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-87.el8_2.11?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-pc-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-pc-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-tools-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-tools-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_2.11?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"product_id": "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.02-87.el8_2.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"product_id": "grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-87.el8_2.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"product_id": "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_2.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"product_id": "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_2.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"product_id": "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_2.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_2.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_2.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_2.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_2.11?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src"
},
"product_reference": "grub2-1:2.02-87.el8_2.11.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-common-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-pc-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src"
},
"product_reference": "grub2-1:2.02-87.el8_2.11.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-common-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-pc-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src"
},
"product_reference": "grub2-1:2.02-87.el8_2.11.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-common-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-pc-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Zhang Boyang"
]
}
],
"cve": "CVE-2022-2601",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2112975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2601"
},
{
"category": "external",
"summary": "RHBZ#2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-06T08:58:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8800"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass"
},
{
"acknowledgments": [
{
"names": [
"Daniel Axtens"
]
}
],
"cve": "CVE-2022-3775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Heap based out-of-bounds write when redering certain unicode sequences",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3775"
},
{
"category": "external",
"summary": "RHBZ#2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-06T08:58:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8800"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le",
"BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src",
"BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch",
"BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64",
"BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Heap based out-of-bounds write when redering certain unicode sequences"
}
]
}
rhsa-2022_8494
Vulnerability from csaf_redhat
Published
2022-11-16 10:51
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8494",
"url": "https://access.redhat.com/errata/RHSA-2022:8494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8494.json"
}
],
"title": "Red Hat Security Advisory: grub2 security update",
"tracking": {
"current_release_date": "2024-11-22T21:00:24+00:00",
"generator": {
"date": "2024-11-22T21:00:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:8494",
"initial_release_date": "2022-11-16T10:51:10+00:00",
"revision_history": [
{
"date": "2022-11-16T10:51:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-16T10:51:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T21:00:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.1::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-87.el8_1.11.src",
"product": {
"name": "grub2-1:2.02-87.el8_1.11.src",
"product_id": "grub2-1:2.02-87.el8_1.11.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-87.el8_1.11?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.02-87.el8_1.11.noarch",
"product": {
"name": "grub2-common-1:2.02-87.el8_1.11.noarch",
"product_id": "grub2-common-1:2.02-87.el8_1.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.02-87.el8_1.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-87.el8_1.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"product": {
"name": "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"product_id": "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-87.el8_1.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"product_id": "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-87.el8_1.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"product": {
"name": "grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"product_id": "grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.02-87.el8_1.11?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"product_id": "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-87.el8_1.11?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-pc-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-pc-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-tools-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-tools-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1.11?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"product_id": "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.02-87.el8_1.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"product_id": "grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"product_id": "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"product_id": "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"product_id": "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1.11?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1.11?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-87.el8_1.11.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src"
},
"product_reference": "grub2-1:2.02-87.el8_1.11.src",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch"
},
"product_reference": "grub2-common-1:2.02-87.el8_1.11.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch"
},
"product_reference": "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-pc-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch"
},
"product_reference": "grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-tools-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)",
"product_id": "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Zhang Boyang"
]
}
],
"cve": "CVE-2022-2601",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2112975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src",
"BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2601"
},
{
"category": "external",
"summary": "RHBZ#2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-16T10:51:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src",
"BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8494"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src",
"BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass"
},
{
"acknowledgments": [
{
"names": [
"Daniel Axtens"
]
}
],
"cve": "CVE-2022-3775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Heap based out-of-bounds write when redering certain unicode sequences",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src",
"BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3775"
},
{
"category": "external",
"summary": "RHBZ#2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-16T10:51:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src",
"BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8494"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src",
"BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le",
"BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Heap based out-of-bounds write when redering certain unicode sequences"
}
]
}
rhsa-2023_0047
Vulnerability from csaf_redhat
Published
2023-01-09 14:51
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0047",
"url": "https://access.redhat.com/errata/RHSA-2023:0047"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0047.json"
}
],
"title": "Red Hat Security Advisory: grub2 security update",
"tracking": {
"current_release_date": "2024-11-22T21:00:58+00:00",
"generator": {
"date": "2024-11-22T21:00:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:0047",
"initial_release_date": "2023-01-09T14:51:08+00:00",
"revision_history": [
{
"date": "2023-01-09T14:51:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-09T14:51:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T21:00:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-99.el8_4.10.src",
"product": {
"name": "grub2-1:2.02-99.el8_4.10.src",
"product_id": "grub2-1:2.02-99.el8_4.10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-99.el8_4.10?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.02-99.el8_4.10.noarch",
"product": {
"name": "grub2-common-1:2.02-99.el8_4.10.noarch",
"product_id": "grub2-common-1:2.02-99.el8_4.10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.02-99.el8_4.10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-99.el8_4.10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"product": {
"name": "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"product_id": "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-99.el8_4.10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"product_id": "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-99.el8_4.10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"product": {
"name": "grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"product_id": "grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.02-99.el8_4.10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"product_id": "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-99.el8_4.10?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-tools-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-tools-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-pc-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-pc-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-tools-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-tools-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"product_id": "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.02-99.el8_4.10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"product_id": "grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"product_id": "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"product_id": "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"product_id": "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-99.el8_4.10.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src"
},
"product_reference": "grub2-1:2.02-99.el8_4.10.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch"
},
"product_reference": "grub2-common-1:2.02-99.el8_4.10.noarch",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch"
},
"product_reference": "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-pc-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch"
},
"product_reference": "grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-tools-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-tools-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Zhang Boyang"
]
}
],
"cve": "CVE-2022-2601",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2112975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src",
"BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2601"
},
{
"category": "external",
"summary": "RHBZ#2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-09T14:51:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src",
"BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src",
"BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass"
},
{
"acknowledgments": [
{
"names": [
"Daniel Axtens"
]
}
],
"cve": "CVE-2022-3775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Heap based out-of-bounds write when redering certain unicode sequences",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src",
"BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3775"
},
{
"category": "external",
"summary": "RHBZ#2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-09T14:51:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src",
"BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src",
"BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le",
"BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Heap based out-of-bounds write when redering certain unicode sequences"
}
]
}
rhsa-2023_0752
Vulnerability from csaf_redhat
Published
2023-02-14 09:10
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0752",
"url": "https://access.redhat.com/errata/RHSA-2023:0752"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0752.json"
}
],
"title": "Red Hat Security Advisory: grub2 security update",
"tracking": {
"current_release_date": "2024-11-22T21:01:19+00:00",
"generator": {
"date": "2024-11-22T21:01:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:0752",
"initial_release_date": "2023-02-14T09:10:02+00:00",
"revision_history": [
{
"date": "2023-02-14T09:10:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-14T09:10:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T21:01:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.06-46.el9_1.3.src",
"product": {
"name": "grub2-1:2.06-46.el9_1.3.src",
"product_id": "grub2-1:2.06-46.el9_1.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.06-46.el9_1.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.06-46.el9_1.3.noarch",
"product": {
"name": "grub2-common-1:2.06-46.el9_1.3.noarch",
"product_id": "grub2-common-1:2.06-46.el9_1.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.06-46.el9_1.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.06-46.el9_1.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"product_id": "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.06-46.el9_1.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"product": {
"name": "grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"product_id": "grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.06-46.el9_1.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"product_id": "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.06-46.el9_1.3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-tools-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-tools-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-pc-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-pc-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-tools-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-tools-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"product_id": "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.06-46.el9_1.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"product": {
"name": "grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"product_id": "grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"product_id": "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"product_id": "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"product_id": "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product_id": "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.06-46.el9_1.3.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src"
},
"product_reference": "grub2-1:2.06-46.el9_1.3.src",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch"
},
"product_reference": "grub2-common-1:2.06-46.el9_1.3.noarch",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-pc-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch"
},
"product_reference": "grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-tools-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le"
},
"product_reference": "grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-tools-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64",
"relates_to_product_reference": "BaseOS-9.1.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Zhang Boyang"
]
}
],
"cve": "CVE-2022-2601",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2112975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src",
"BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2601"
},
{
"category": "external",
"summary": "RHBZ#2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-14T09:10:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src",
"BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0752"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src",
"BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass"
},
{
"acknowledgments": [
{
"names": [
"Daniel Axtens"
]
}
],
"cve": "CVE-2022-3775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Heap based out-of-bounds write when redering certain unicode sequences",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src",
"BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3775"
},
{
"category": "external",
"summary": "RHBZ#2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-14T09:10:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src",
"BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0752"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src",
"BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le",
"BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Heap based out-of-bounds write when redering certain unicode sequences"
}
]
}
rhsa-2023_0048
Vulnerability from csaf_redhat
Published
2023-01-09 14:50
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* [RHEL8.6][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2108049)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [RHEL8.6][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2108049)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0048",
"url": "https://access.redhat.com/errata/RHSA-2023:0048"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0048.json"
}
],
"title": "Red Hat Security Advisory: grub2 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T21:00:49+00:00",
"generator": {
"date": "2024-11-22T21:00:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:0048",
"initial_release_date": "2023-01-09T14:50:55+00:00",
"revision_history": [
{
"date": "2023-01-09T14:50:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-09T14:50:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T21:00:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-123.el8_6.12.src",
"product": {
"name": "grub2-1:2.02-123.el8_6.12.src",
"product_id": "grub2-1:2.02-123.el8_6.12.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-123.el8_6.12?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.02-123.el8_6.12.noarch",
"product": {
"name": "grub2-common-1:2.02-123.el8_6.12.noarch",
"product_id": "grub2-common-1:2.02-123.el8_6.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.02-123.el8_6.12?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-123.el8_6.12?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"product": {
"name": "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"product_id": "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-123.el8_6.12?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"product_id": "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-123.el8_6.12?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"product": {
"name": "grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"product_id": "grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.02-123.el8_6.12?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"product_id": "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-123.el8_6.12?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-tools-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-tools-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-pc-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-pc-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-tools-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-tools-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"product_id": "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.02-123.el8_6.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"product_id": "grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"product_id": "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"product_id": "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"product_id": "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-123.el8_6.12.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src"
},
"product_reference": "grub2-1:2.02-123.el8_6.12.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch"
},
"product_reference": "grub2-common-1:2.02-123.el8_6.12.noarch",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch"
},
"product_reference": "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-pc-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch"
},
"product_reference": "grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-tools-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-tools-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Zhang Boyang"
]
}
],
"cve": "CVE-2022-2601",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2112975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src",
"BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2601"
},
{
"category": "external",
"summary": "RHBZ#2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-09T14:50:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src",
"BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0048"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src",
"BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass"
},
{
"acknowledgments": [
{
"names": [
"Daniel Axtens"
]
}
],
"cve": "CVE-2022-3775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Heap based out-of-bounds write when redering certain unicode sequences",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src",
"BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3775"
},
{
"category": "external",
"summary": "RHBZ#2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-09T14:50:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src",
"BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0048"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src",
"BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Heap based out-of-bounds write when redering certain unicode sequences"
}
]
}
rhsa-2022_8978
Vulnerability from csaf_redhat
Published
2022-12-13 16:11
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104)
* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358)
* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434)
* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104)\n\n* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358)\n\n* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434)\n\n* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8978",
"url": "https://access.redhat.com/errata/RHSA-2022:8978"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8978.json"
}
],
"title": "Red Hat Security Advisory: grub2 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T21:00:41+00:00",
"generator": {
"date": "2024-11-22T21:00:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:8978",
"initial_release_date": "2022-12-13T16:11:40+00:00",
"revision_history": [
{
"date": "2022-12-13T16:11:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-13T16:11:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T21:00:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.06-27.el9_0.12.src",
"product": {
"name": "grub2-1:2.06-27.el9_0.12.src",
"product_id": "grub2-1:2.06-27.el9_0.12.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.06-27.el9_0.12?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.06-27.el9_0.12.noarch",
"product": {
"name": "grub2-common-1:2.06-27.el9_0.12.noarch",
"product_id": "grub2-common-1:2.06-27.el9_0.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.06-27.el9_0.12?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.06-27.el9_0.12?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"product_id": "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.06-27.el9_0.12?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"product": {
"name": "grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"product_id": "grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.06-27.el9_0.12?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"product_id": "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.06-27.el9_0.12?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-tools-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-tools-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-pc-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-pc-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-tools-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-tools-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"product_id": "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.06-27.el9_0.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"product": {
"name": "grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"product_id": "grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"product_id": "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"product_id": "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"product_id": "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product_id": "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.06-27.el9_0.12.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src"
},
"product_reference": "grub2-1:2.06-27.el9_0.12.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch"
},
"product_reference": "grub2-common-1:2.06-27.el9_0.12.noarch",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-pc-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch"
},
"product_reference": "grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-tools-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le"
},
"product_reference": "grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-tools-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Zhang Boyang"
]
}
],
"cve": "CVE-2022-2601",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2112975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src",
"BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2601"
},
{
"category": "external",
"summary": "RHBZ#2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-13T16:11:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src",
"BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8978"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src",
"BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass"
},
{
"acknowledgments": [
{
"names": [
"Daniel Axtens"
]
}
],
"cve": "CVE-2022-3775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Heap based out-of-bounds write when redering certain unicode sequences",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src",
"BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3775"
},
{
"category": "external",
"summary": "RHBZ#2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-13T16:11:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src",
"BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8978"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src",
"BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le",
"BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Heap based out-of-bounds write when redering certain unicode sequences"
}
]
}
rhsa-2023_0049
Vulnerability from csaf_redhat
Published
2023-01-09 14:47
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0049",
"url": "https://access.redhat.com/errata/RHSA-2023:0049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0049.json"
}
],
"title": "Red Hat Security Advisory: grub2 security update",
"tracking": {
"current_release_date": "2024-11-22T21:01:09+00:00",
"generator": {
"date": "2024-11-22T21:01:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:0049",
"initial_release_date": "2023-01-09T14:47:07+00:00",
"revision_history": [
{
"date": "2023-01-09T14:47:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-09T14:47:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T21:01:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-142.el8_7.1.src",
"product": {
"name": "grub2-1:2.02-142.el8_7.1.src",
"product_id": "grub2-1:2.02-142.el8_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-142.el8_7.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.02-142.el8_7.1.noarch",
"product": {
"name": "grub2-common-1:2.02-142.el8_7.1.noarch",
"product_id": "grub2-common-1:2.02-142.el8_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.02-142.el8_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-142.el8_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"product": {
"name": "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"product_id": "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-142.el8_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"product_id": "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-142.el8_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"product": {
"name": "grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"product_id": "grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.02-142.el8_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"product_id": "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-142.el8_7.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-tools-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-tools-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-pc-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-pc-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-tools-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-tools-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"product_id": "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.02-142.el8_7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"product_id": "grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"product_id": "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"product_id": "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"product_id": "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-142.el8_7.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src"
},
"product_reference": "grub2-1:2.02-142.el8_7.1.src",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch"
},
"product_reference": "grub2-common-1:2.02-142.el8_7.1.noarch",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch"
},
"product_reference": "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-pc-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch"
},
"product_reference": "grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-tools-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-tools-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Zhang Boyang"
]
}
],
"cve": "CVE-2022-2601",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2112975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src",
"BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2601"
},
{
"category": "external",
"summary": "RHBZ#2112975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-09T14:47:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src",
"BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src",
"BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass"
},
{
"acknowledgments": [
{
"names": [
"Daniel Axtens"
]
}
],
"cve": "CVE-2022-3775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Heap based out-of-bounds write when redering certain unicode sequences",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src",
"BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3775"
},
{
"category": "external",
"summary": "RHBZ#2138880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
}
],
"release_date": "2022-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-09T14:47:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src",
"BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src",
"BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le",
"BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Heap based out-of-bounds write when redering certain unicode sequences"
}
]
}
ghsa-8h84-vmjf-pcmj
Vulnerability from github
Published
2022-12-19 21:30
Modified
2022-12-28 21:30
Severity ?
Details
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
{
"affected": [],
"aliases": [
"CVE-2022-3775"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-19T20:15:00Z",
"severity": "HIGH"
},
"details": "When rendering certain unicode sequences, grub2\u0027s font code doesn\u0027t proper validate if the informed glyph\u0027s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\u0027s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.",
"id": "GHSA-8h84-vmjf-pcmj",
"modified": "2022-12-28T21:30:21Z",
"published": "2022-12-19T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3775"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2022-3775"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
ncsc-2024-0334
Vulnerability from csaf_ncscnl
Published
2024-08-13 18:19
Modified
2024-08-27 07:59
Summary
Kwetsbaarheden verholpen in Microsoft Windows
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Microsoft heeft kwetsbaarheden verholpen in Windows.
Interpretaties
Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service
- Omzeilen van beveiligingsmaatregel
- Manipuleren van gegevens
- Verkrijgen van verhoogde rechten
- Spoofing
- Uitvoeren van willekeurige code (root/administrator rechten)
- Uitvoeren van willekeurige code (Gebruikersrechten)
- Toegang tot systeemgegevens
Van de kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107, CVE-2024-38178 en CVE-2024-38193 geeft Microsoft aan informatie te hebben dat deze actief zijn misbruikt.
De kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107 en CVE-2024-38193 bevinden zich respectievelijk in de Kernel, de Power Dependency Coördinator en de Ancillary Function Driver for WinSock en stellen een lokale, geauthenticeerde kwaadwillende in staat om zich verhoogde rechten toe te kennen en code uit te voeren met SYSTEM rechten.
De kwetsbaarheid met kenmerk CVE-2024-38178 bevindt zich in de Scripting Engine en stelt een kwaadwillende in staat om willekeurige code uit te voeren met rechten van het slachtoffer. Succesvol misbruik vereist wel dat de kwaadwillende het slachtoffer misleidt om de Edge browser in 'Internet Explorer mode' laat draaien.
Van de genoemde kwetsbaarheden is geen publieke Proof-of-Concept-code of exploit beschikbaar. Het vermoeden van het NCSC is echter dat deze wel op korte termijn publiek beschikbaar zal komen. Grootschalig actief misbruik is minder waarschijnlijk, vanwege de beperkende voorwaarden van misbruik.
De ernstigste kwetsbaarheid heeft kenmerk CVE-2024-38063 toegewezen gekregen en bevindt zich in de wijze waarop Windows het IPv6 Protocol verwerkt. Een kwaadwillende kan zonder voorafgaande authenticatie op afstand willekeurige code uitvoeren op het kwetsbare systeem door het herhaaldelijk verzenden van speciaal geprepareerde IPv6 packets. IPv6 is standaard actief. Onderzoekers hebben Proof-of-Concept-code (PoC) gepubliceerd waarmee de kwetsbaarheid kan worden aangetoond. De PoC code vereist dat het doelwit onder controle is van de onderzoeker en veroorzaakt op dit moment hooguit een memory corruption wat resulteert in een crash van het systeem. Uitvoer van willekeurige code wordt niet bereikt. De kans op grootschalig misbruik wordt hiermee groter, maar door de beperkende voorwaarde om de PoC werkend te krijgen is deze PoC niet zondermeer grootschalig op internet in te zetten. Microsoft is niet op de hoogte dat de kwetsbaarheid actief wordt misbruikt. Microsoft adviseert om als mitigerende maatregel IPv6 uit te schakelen indien dit niet strikt noodzakelijk is.
De kwetsbaarheden met kenmerk CVE-2024-21302 en CVE-2024-38202 zijn op de laatste BlackHat Conference gepubliceerd door de onderzoeker die ze ontdekt heeft. Deze kwetsbaarheden worden in de gegevens van deze maandelijkse update wel genoemd, maar in deze update worden ze niet verholpen.
Microsoft geeft aan nog aan een oplossing te werken en heeft wel mitigerende maatregelen gepubliceerd, om de dreiging van misbruik zo goed als mogelijk te beperken. Zie hiervoor de referenties naar de specifieke kwetsbaarheid.
De kwetsbaarheden stellen een kwaadwillende in staat om een roll-back uit te voeren van geïnstalleerde updates en zo het systeem weer kwetsbaar te maken voor oudere kwetsbaarheden, zonder dat dit ontdekt kan worden door het systeem. Voor het slachtoffer blijft het systeem voldoen aan de laatste beveiligingsupdates.
Succesvol misbruik is niet eenvoudig en vereist dat de kwaadwillende over verhoogde rechten beschikt op het kwetsbare systeem. Actief misbruik zal dus vermoedelijk een volgende stap in een keten zijn door een kwaadwillende die op andere wijze toegang heeft gekregen tot het kwetsbare systeem en deze kwetsbaarheden gebruikt om permanente toegang te garanderen.
```
Windows Mark of the Web (MOTW):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38213 | 6.50 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows Compressed Folder:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38165 | 6.50 | Manipuleren van gegevens |
|----------------|------|-------------------------------------|
Windows Update Stack:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38163 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38202 | 7.30 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Microsoft Windows DNS:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-37968 | 7.50 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
Windows Mobile Broadband:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38161 | 6.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Ancillary Function Driver for WinSock:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38193 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38141 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows IP Routing Management Snapin:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38114 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38115 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38116 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Kernel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38106 | 7.00 | Verkrijgen van verhoogde rechten |
| CVE-2024-38127 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38133 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38151 | 5.50 | Toegang tot gevoelige gegevens |
| CVE-2024-38153 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Secure Boot:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2022-2601 | 8.60 | Omzeilen van beveiligingsmaatregel |
| CVE-2023-40547 | 8.30 | Omzeilen van beveiligingsmaatregel |
| CVE-2022-3775 | 7.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Kernel-Mode Drivers:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38184 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38191 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38185 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38186 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38187 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Print Spooler Components:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38198 | 7.50 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Power Dependency Coordinator:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38107 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows SmartScreen:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38180 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Initial Machine Configuration:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38223 | 6.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Line Printer Daemon Service (LPD):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38199 | 9.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Streaming Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38125 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38134 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38144 | 8.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Kerberos:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-29995 | 8.10 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Security Center:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38155 | 5.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows Scripting:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38178 | 7.50 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Local Security Authority Server (lsasrv):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38118 | 5.50 | Toegang tot gevoelige gegevens |
| CVE-2024-38122 | 5.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows NTFS:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38117 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Routing and Remote Access Service (RRAS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38121 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38128 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38130 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38154 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38120 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38214 | 6.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows WLAN Auto Config Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38143 | 4.20 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows NT OS Kernel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38135 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Network Address Translation (NAT):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38126 | 7.50 | Denial-of-Service |
| CVE-2024-38132 | 7.50 | Denial-of-Service |
|----------------|------|-------------------------------------|
Windows Resource Manager:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38136 | 7.00 | Verkrijgen van verhoogde rechten |
| CVE-2024-38137 | 7.00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Common Log File System Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38196 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Transport Security Layer (TLS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38148 | 7.50 | Denial-of-Service |
|----------------|------|-------------------------------------|
Windows Secure Kernel Mode:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-21302 | 6.70 | Verkrijgen van verhoogde rechten |
| CVE-2024-38142 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Reliable Multicast Transport Driver (RMCAST):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38140 | 9.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Bluetooth Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38123 | 4.40 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows TCP/IP:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38063 | 9.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Cloud Files Mini Filter Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38215 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows DWM Core Library:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38147 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38150 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Clipboard Virtual Channel Extension:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38131 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Network Virtualization:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38159 | 9.10 | Uitvoeren van willekeurige code |
| CVE-2024-38160 | 9.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Deployment Services:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38138 | 7.50 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft WDAC OLE DB provider for SQL:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38152 | 7.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Layer-2 Bridge Network Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38145 | 7.50 | Denial-of-Service |
| CVE-2024-38146 | 7.50 | Denial-of-Service |
|----------------|------|-------------------------------------|
```
Oplossingen
Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. Ook zijn mitigerende maatregelen gepubliceerd om de kans op misbruik te beperken voor die kwetsbaarheden waarvoor (nog) geen update beschikbaar is. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans
medium
Schade
high
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-126
Buffer Over-read
CWE-138
Improper Neutralization of Special Elements
CWE-190
Integer Overflow or Wraparound
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-197
Numeric Truncation Error
CWE-20
Improper Input Validation
CWE-208
Observable Timing Discrepancy
CWE-284
Improper Access Control
CWE-306
Missing Authentication for Critical Function
CWE-345
Insufficient Verification of Data Authenticity
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE-693
Protection Mechanism Failure
CWE-73
External Control of File Name or Path
CWE-787
Out-of-bounds Write
CWE-822
Untrusted Pointer Dereference
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-908
Use of Uninitialized Resource
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft kwetsbaarheden verholpen in Windows.",
"title": "Feiten"
},
{
"category": "description",
"text": "Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service\n- Omzeilen van beveiligingsmaatregel\n- Manipuleren van gegevens\n- Verkrijgen van verhoogde rechten\n- Spoofing\n- Uitvoeren van willekeurige code (root/administrator rechten)\n- Uitvoeren van willekeurige code (Gebruikersrechten)\n- Toegang tot systeemgegevens\n\nVan de kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107, CVE-2024-38178 en CVE-2024-38193 geeft Microsoft aan informatie te hebben dat deze actief zijn misbruikt.\n\nDe kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107 en CVE-2024-38193 bevinden zich respectievelijk in de Kernel, de Power Dependency Co\u00f6rdinator en de Ancillary Function Driver for WinSock en stellen een lokale, geauthenticeerde kwaadwillende in staat om zich verhoogde rechten toe te kennen en code uit te voeren met SYSTEM rechten.\n\nDe kwetsbaarheid met kenmerk CVE-2024-38178 bevindt zich in de Scripting Engine en stelt een kwaadwillende in staat om willekeurige code uit te voeren met rechten van het slachtoffer. Succesvol misbruik vereist wel dat de kwaadwillende het slachtoffer misleidt om de Edge browser in \u0027Internet Explorer mode\u0027 laat draaien.\nVan de genoemde kwetsbaarheden is geen publieke Proof-of-Concept-code of exploit beschikbaar. Het vermoeden van het NCSC is echter dat deze wel op korte termijn publiek beschikbaar zal komen. Grootschalig actief misbruik is minder waarschijnlijk, vanwege de beperkende voorwaarden van misbruik.\n\nDe ernstigste kwetsbaarheid heeft kenmerk CVE-2024-38063 toegewezen gekregen en bevindt zich in de wijze waarop Windows het IPv6 Protocol verwerkt. Een kwaadwillende kan zonder voorafgaande authenticatie op afstand willekeurige code uitvoeren op het kwetsbare systeem door het herhaaldelijk verzenden van speciaal geprepareerde IPv6 packets. IPv6 is standaard actief. Onderzoekers hebben Proof-of-Concept-code (PoC) gepubliceerd waarmee de kwetsbaarheid kan worden aangetoond. De PoC code vereist dat het doelwit onder controle is van de onderzoeker en veroorzaakt op dit moment hooguit een memory corruption wat resulteert in een crash van het systeem. Uitvoer van willekeurige code wordt niet bereikt. De kans op grootschalig misbruik wordt hiermee groter, maar door de beperkende voorwaarde om de PoC werkend te krijgen is deze PoC niet zondermeer grootschalig op internet in te zetten. Microsoft is niet op de hoogte dat de kwetsbaarheid actief wordt misbruikt. Microsoft adviseert om als mitigerende maatregel IPv6 uit te schakelen indien dit niet strikt noodzakelijk is.\n\nDe kwetsbaarheden met kenmerk CVE-2024-21302 en CVE-2024-38202 zijn op de laatste BlackHat Conference gepubliceerd door de onderzoeker die ze ontdekt heeft. Deze kwetsbaarheden worden in de gegevens van deze maandelijkse update wel genoemd, maar in deze update worden ze niet verholpen.\nMicrosoft geeft aan nog aan een oplossing te werken en heeft wel mitigerende maatregelen gepubliceerd, om de dreiging van misbruik zo goed als mogelijk te beperken. Zie hiervoor de referenties naar de specifieke kwetsbaarheid.\n\nDe kwetsbaarheden stellen een kwaadwillende in staat om een roll-back uit te voeren van ge\u00efnstalleerde updates en zo het systeem weer kwetsbaar te maken voor oudere kwetsbaarheden, zonder dat dit ontdekt kan worden door het systeem. Voor het slachtoffer blijft het systeem voldoen aan de laatste beveiligingsupdates.\nSuccesvol misbruik is niet eenvoudig en vereist dat de kwaadwillende over verhoogde rechten beschikt op het kwetsbare systeem. Actief misbruik zal dus vermoedelijk een volgende stap in een keten zijn door een kwaadwillende die op andere wijze toegang heeft gekregen tot het kwetsbare systeem en deze kwetsbaarheden gebruikt om permanente toegang te garanderen.\n\n\n```\nWindows Mark of the Web (MOTW): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38213 | 6.50 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Compressed Folder: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38165 | 6.50 | Manipuleren van gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Update Stack: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38163 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38202 | 7.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-37968 | 7.50 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nWindows Mobile Broadband: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38161 | 6.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38193 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38141 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows IP Routing Management Snapin: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38114 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38115 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38116 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38106 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38127 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38133 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38151 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2024-38153 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2022-2601 | 8.60 | Omzeilen van beveiligingsmaatregel | \n| CVE-2023-40547 | 8.30 | Omzeilen van beveiligingsmaatregel | \n| CVE-2022-3775 | 7.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38184 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38191 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38185 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38186 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38187 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38198 | 7.50 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Power Dependency Coordinator: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38107 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SmartScreen: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38180 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Initial Machine Configuration: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38223 | 6.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nLine Printer Daemon Service (LPD): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38199 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Streaming Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38125 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38134 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38144 | 8.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-29995 | 8.10 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Security Center: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38155 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Scripting: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38178 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Local Security Authority Server (lsasrv): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38118 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2024-38122 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38117 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Routing and Remote Access Service (RRAS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38121 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38128 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38130 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38154 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38120 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38214 | 6.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows WLAN Auto Config Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38143 | 4.20 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows NT OS Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38135 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Network Address Translation (NAT): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38126 | 7.50 | Denial-of-Service | \n| CVE-2024-38132 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Resource Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38136 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38137 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38196 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Transport Security Layer (TLS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38148 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Secure Kernel Mode: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-21302 | 6.70 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38142 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nReliable Multicast Transport Driver (RMCAST): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38140 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Bluetooth Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38123 | 4.40 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38063 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38215 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38147 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38150 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Clipboard Virtual Channel Extension: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38131 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Network Virtualization: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38159 | 9.10 | Uitvoeren van willekeurige code | \n| CVE-2024-38160 | 9.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Deployment Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38138 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft WDAC OLE DB provider for SQL: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38152 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Layer-2 Bridge Network Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38145 | 7.50 | Denial-of-Service | \n| CVE-2024-38146 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n```",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. Ook zijn mitigerende maatregelen gepubliceerd om de kans op misbruik te beperken voor die kwetsbaarheden waarvoor (nog) geen update beschikbaar is. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements",
"title": "CWE-138"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Observable Timing Discrepancy",
"title": "CWE-208"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Sensitive Data Storage in Improperly Locked Memory",
"title": "CWE-591"
},
{
"category": "general",
"text": "Protection Mechanism Failure",
"title": "CWE-693"
},
{
"category": "general",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - certbundde; cveprojectv5; hkcert; nvd",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063"
},
{
"category": "external",
"summary": "Reference - certbundde; cveprojectv5; hkcert; nvd",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202"
}
],
"title": "Kwetsbaarheden verholpen in Microsoft Windows",
"tracking": {
"current_release_date": "2024-08-27T07:59:08.391850Z",
"id": "NCSC-2024-0334",
"initial_release_date": "2024-08-13T18:19:27.728322Z",
"revision_history": [
{
"date": "2024-08-13T18:19:27.728322Z",
"number": "0",
"summary": "Initiele versie"
},
{
"date": "2024-08-27T07:59:08.391850Z",
"number": "1",
"summary": "Er is Proof-of-Concept-code (PoC) verschenen voor de kwetsbaarheid met kenmerk CVE-2024-38063"
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "remote_desktop_client_for_windows_desktop",
"product": {
"name": "remote_desktop_client_for_windows_desktop",
"product_id": "CSAFPID-1455711",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:remote_desktop_client_for_windows_desktop:1.2.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_1507",
"product": {
"name": "windows_10_version_1507",
"product_id": "CSAFPID-1453769",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_1507:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_1507",
"product": {
"name": "windows_10_version_1507",
"product_id": "CSAFPID-1574686",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_1507:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_1607",
"product": {
"name": "windows_10_version_1607",
"product_id": "CSAFPID-1453770",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_1607:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_1607",
"product": {
"name": "windows_10_version_1607",
"product_id": "CSAFPID-1574687",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_1607:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_1809",
"product": {
"name": "windows_10_version_1809",
"product_id": "CSAFPID-1453758",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_1809:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_1809",
"product": {
"name": "windows_10_version_1809",
"product_id": "CSAFPID-1455810",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_1809:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_21h2",
"product": {
"name": "windows_10_version_21h2",
"product_id": "CSAFPID-1453800",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_21h2:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_21h2",
"product": {
"name": "windows_10_version_21h2",
"product_id": "CSAFPID-1610391",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_21h2:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_22h2",
"product": {
"name": "windows_10_version_22h2",
"product_id": "CSAFPID-1453802",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_22h2:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_version_22h2",
"product": {
"name": "windows_10_version_22h2",
"product_id": "CSAFPID-1610393",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_10_version_22h2:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_21h2",
"product": {
"name": "windows_11_version_21h2",
"product_id": "CSAFPID-1453799",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_21h2:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_21h2",
"product": {
"name": "windows_11_version_21h2",
"product_id": "CSAFPID-1610390",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_21h2:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_22h2",
"product": {
"name": "windows_11_version_22h2",
"product_id": "CSAFPID-1453801",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_22h2:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_22h2",
"product": {
"name": "windows_11_version_22h2",
"product_id": "CSAFPID-1610392",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_22h2:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_22h3",
"product": {
"name": "windows_11_version_22h3",
"product_id": "CSAFPID-1453803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_22h3:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_22h3",
"product": {
"name": "windows_11_version_22h3",
"product_id": "CSAFPID-1610394",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_22h3:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_23h2",
"product": {
"name": "windows_11_version_23h2",
"product_id": "CSAFPID-1453804",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_23h2:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_23h2",
"product": {
"name": "windows_11_version_23h2",
"product_id": "CSAFPID-1610395",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_23h2:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_24h2",
"product": {
"name": "windows_11_version_24h2",
"product_id": "CSAFPID-1615902",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_24h2:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11_version_24h2",
"product": {
"name": "windows_11_version_24h2",
"product_id": "CSAFPID-1610396",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_11_version_24h2:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2008__service_pack_2",
"product": {
"name": "windows_server_2008__service_pack_2",
"product_id": "CSAFPID-1453778",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2008__service_pack_2:6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2008_r2_service_pack_1__server_core_installation_",
"product": {
"name": "windows_server_2008_r2_service_pack_1__server_core_installation_",
"product_id": "CSAFPID-1453780",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2008_r2_service_pack_1__server_core_installation_:6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2008_r2_service_pack_1",
"product": {
"name": "windows_server_2008_r2_service_pack_1",
"product_id": "CSAFPID-1453779",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2008_r2_service_pack_1:6.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2008_service_pack_2__server_core_installation_",
"product": {
"name": "windows_server_2008_service_pack_2__server_core_installation_",
"product_id": "CSAFPID-1453777",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2008_service_pack_2__server_core_installation_:6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2008_service_pack_2",
"product": {
"name": "windows_server_2008_service_pack_2",
"product_id": "CSAFPID-1453776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2008_service_pack_2:6.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2012__server_core_installation_",
"product": {
"name": "windows_server_2012__server_core_installation_",
"product_id": "CSAFPID-1453782",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2012__server_core_installation_:6.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2012_r2__server_core_installation_",
"product": {
"name": "windows_server_2012_r2__server_core_installation_",
"product_id": "CSAFPID-1453784",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2012_r2__server_core_installation_:6.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2012_r2",
"product": {
"name": "windows_server_2012_r2",
"product_id": "CSAFPID-1453783",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2012_r2:6.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2012",
"product": {
"name": "windows_server_2012",
"product_id": "CSAFPID-1453781",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2012:6.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2016__server_core_installation_",
"product": {
"name": "windows_server_2016__server_core_installation_",
"product_id": "CSAFPID-1453772",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2016__server_core_installation_:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2016__server_core_installation_",
"product": {
"name": "windows_server_2016__server_core_installation_",
"product_id": "CSAFPID-1457438",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2016__server_core_installation_:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2016",
"product": {
"name": "windows_server_2016",
"product_id": "CSAFPID-1453771",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2016:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2016",
"product": {
"name": "windows_server_2016",
"product_id": "CSAFPID-1457437",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2016:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2019__server_core_installation_",
"product": {
"name": "windows_server_2019__server_core_installation_",
"product_id": "CSAFPID-1453760",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2019__server_core_installation_:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2019__server_core_installation_",
"product": {
"name": "windows_server_2019__server_core_installation_",
"product_id": "CSAFPID-1457435",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2019__server_core_installation_:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2019",
"product": {
"name": "windows_server_2019",
"product_id": "CSAFPID-1453759",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2019:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2019",
"product": {
"name": "windows_server_2019",
"product_id": "CSAFPID-1457434",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2019:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2022__23h2_edition__server_core_installation_",
"product": {
"name": "windows_server_2022__23h2_edition__server_core_installation_",
"product_id": "CSAFPID-1453805",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2022__23h2_edition__server_core_installation_:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2022__23h2_edition__server_core_installation_",
"product": {
"name": "windows_server_2022__23h2_edition__server_core_installation_",
"product_id": "CSAFPID-1455588",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2022__23h2_edition__server_core_installation_:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2022",
"product": {
"name": "windows_server_2022",
"product_id": "CSAFPID-1453798",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2022:10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2022",
"product": {
"name": "windows_server_2022",
"product_id": "CSAFPID-1457436",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:windows_server_2022:n_a:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_for_32-bit_systems",
"product": {
"name": "windows_10_for_32-bit_systems",
"product_id": "CSAFPID-1502044",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10_for_32-bit_systems:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10_for_64-based_systems",
"product": {
"name": "windows_10_for_64-based_systems",
"product_id": "CSAFPID-1502062",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10_for_64-based_systems:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-2507",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502046",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:1607_for_32-bit_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502058",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:1607_for_x64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-2482",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502053",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:1809_for_32-bit_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502047",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:1809_for_arm64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502040",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:1809_for_x64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-2483",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502051",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:21h2_for_32-bit_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502043",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:21h2_for_arm64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502061",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:21h2_for_x64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-2481",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502041",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:22h2_for_32-bit_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502057",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:22h2_for_arm64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-1502060",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:22h2_for_x64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_10",
"product": {
"name": "windows_10",
"product_id": "CSAFPID-3823",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-1502050",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:21h2_for_arm64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-1502059",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:21h2_for_x64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-168717",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:21h2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-1502039",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:22h2_for_arm64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-1502056",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:22h2_for_x64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-168718",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-1502045",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:23h2_for_arm64-based_system:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-1502055",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:23h2_for_x64-based_systems:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-804567",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:23h2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-1614511",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:24h2_for_arm64-based_system:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-1614512",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:24h2_for_x64-based_system:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_11",
"product": {
"name": "windows_11",
"product_id": "CSAFPID-1610036",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_11:24h2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2016",
"product": {
"name": "windows_server_2016",
"product_id": "CSAFPID-2417",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2016",
"product": {
"name": "windows_server_2016",
"product_id": "CSAFPID-168719",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2019",
"product": {
"name": "windows_server_2019",
"product_id": "CSAFPID-2414",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2019",
"product": {
"name": "windows_server_2019",
"product_id": "CSAFPID-75346",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2022_23h2",
"product": {
"name": "windows_server_2022_23h2",
"product_id": "CSAFPID-747000",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2022",
"product": {
"name": "windows_server_2022",
"product_id": "CSAFPID-2488",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2022",
"product": {
"name": "windows_server_2022",
"product_id": "CSAFPID-75345",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows_server_2022",
"product": {
"name": "windows_server_2022",
"product_id": "CSAFPID-1502048",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows_server_2022:23h2_edition:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "windows",
"product": {
"name": "windows",
"product_id": "CSAFPID-289704",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2601",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-2601",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1502048"
]
}
],
"title": "CVE-2022-2601"
},
{
"cve": "CVE-2024-38161",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1502048",
"CSAFPID-75346",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2414",
"CSAFPID-2481",
"CSAFPID-2483"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38161",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1502048",
"CSAFPID-75346",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2414",
"CSAFPID-2481",
"CSAFPID-2483"
]
}
],
"title": "CVE-2024-38161"
},
{
"cve": "CVE-2024-38178",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2488"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38178",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38178.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2488"
]
}
],
"title": "CVE-2024-38178"
},
{
"cve": "CVE-2024-38184",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38184"
},
{
"cve": "CVE-2024-38191",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38191",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38191.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38191"
},
{
"cve": "CVE-2024-38193",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-75345",
"CSAFPID-1502048",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2488",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38193",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38193.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-75345",
"CSAFPID-1502048",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2488",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38193"
},
{
"cve": "CVE-2024-38196",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38196",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38196.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38196"
},
{
"cve": "CVE-2024-38198",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38198",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38198.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38198"
},
{
"cve": "CVE-2024-38199",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38199",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38199.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38199"
},
{
"cve": "CVE-2024-38213",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "other",
"text": "Protection Mechanism Failure",
"title": "CWE-693"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-75345",
"CSAFPID-1502048",
"CSAFPID-2417",
"CSAFPID-2488",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38213",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38213.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-75345",
"CSAFPID-1502048",
"CSAFPID-2417",
"CSAFPID-2488",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38213"
},
{
"cve": "CVE-2024-21302",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2488",
"CSAFPID-1502048",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-289704",
"CSAFPID-1455810",
"CSAFPID-1457434",
"CSAFPID-1457435",
"CSAFPID-1457436",
"CSAFPID-1610390",
"CSAFPID-1610391",
"CSAFPID-1610392",
"CSAFPID-1610393",
"CSAFPID-1610394",
"CSAFPID-1610395",
"CSAFPID-1455588",
"CSAFPID-1610396",
"CSAFPID-1574686",
"CSAFPID-1574687",
"CSAFPID-1457437",
"CSAFPID-1457438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21302",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21302.json"
}
],
"title": "CVE-2024-21302"
},
{
"cve": "CVE-2023-40547",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-40547",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40547.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1502048"
]
}
],
"title": "CVE-2023-40547"
},
{
"cve": "CVE-2024-38063",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38063",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38063.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38063"
},
{
"cve": "CVE-2024-38106",
"cwe": {
"id": "CWE-591",
"name": "Sensitive Data Storage in Improperly Locked Memory"
},
"notes": [
{
"category": "other",
"text": "Sensitive Data Storage in Improperly Locked Memory",
"title": "CWE-591"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1615902",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-2488",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38106",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38106.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1615902",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-2488",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38106"
},
{
"cve": "CVE-2024-38107",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-2488",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38107",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38107.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-2488",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38107"
},
{
"cve": "CVE-2024-29995",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Timing Discrepancy",
"title": "CWE-208"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453800",
"CSAFPID-1453802",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29995",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29995.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453800",
"CSAFPID-1453802",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345"
]
}
],
"title": "CVE-2024-29995"
},
{
"cve": "CVE-2024-38114",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38114",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38114"
},
{
"cve": "CVE-2024-38115",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38115",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38115"
},
{
"cve": "CVE-2024-38116",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38116",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38116.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38116"
},
{
"cve": "CVE-2024-38117",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38117",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38117.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38117"
},
{
"cve": "CVE-2024-38118",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38118",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38118.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38118"
},
{
"cve": "CVE-2024-38122",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38122",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38122"
},
{
"cve": "CVE-2024-38125",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38125",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38125.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38125"
},
{
"cve": "CVE-2024-38126",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38126",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38126.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38126"
},
{
"cve": "CVE-2024-38130",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38130",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38130.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38130"
},
{
"cve": "CVE-2024-38131",
"cwe": {
"id": "CWE-591",
"name": "Sensitive Data Storage in Improperly Locked Memory"
},
"notes": [
{
"category": "other",
"text": "Sensitive Data Storage in Improperly Locked Memory",
"title": "CWE-591"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1455711",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38131",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38131.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1455711",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38131"
},
{
"cve": "CVE-2024-38132",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38132",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38132.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38132"
},
{
"cve": "CVE-2024-38133",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements",
"title": "CWE-138"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2414",
"CSAFPID-2481",
"CSAFPID-2483"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38133",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2414",
"CSAFPID-2481",
"CSAFPID-2483"
]
}
],
"title": "CVE-2024-38133"
},
{
"cve": "CVE-2024-38134",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38134",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38134.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38134"
},
{
"cve": "CVE-2024-38136",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2414",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2483",
"CSAFPID-1502048",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38136",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38136.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2414",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2483",
"CSAFPID-1502048",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38136"
},
{
"cve": "CVE-2024-38140",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38140",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38140.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38140"
},
{
"cve": "CVE-2024-38141",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38141",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38141.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38141"
},
{
"cve": "CVE-2024-38142",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38142",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38142.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38142"
},
{
"cve": "CVE-2024-38143",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38143",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38143.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38143"
},
{
"cve": "CVE-2024-38144",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38144",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38144.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38144"
},
{
"cve": "CVE-2024-38145",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38145",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38145.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38145"
},
{
"cve": "CVE-2024-38146",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38146",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38146.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38146"
},
{
"cve": "CVE-2024-38151",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38151",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38151.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481",
"CSAFPID-2482"
]
}
],
"title": "CVE-2024-38151"
},
{
"cve": "CVE-2024-38152",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38152",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38152.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38152"
},
{
"cve": "CVE-2024-38153",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38153",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38153.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38153"
},
{
"cve": "CVE-2024-38155",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1615902",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38155",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38155.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1615902",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38155"
},
{
"cve": "CVE-2024-38180",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "other",
"text": "Protection Mechanism Failure",
"title": "CWE-693"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38180",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38180.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38180"
},
{
"cve": "CVE-2024-38185",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38185",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38185.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38185"
},
{
"cve": "CVE-2024-38186",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38186",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38186.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38186"
},
{
"cve": "CVE-2024-38187",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38187",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38187.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38187"
},
{
"cve": "CVE-2022-3775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-3775",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3775.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1502048"
]
}
],
"title": "CVE-2022-3775"
},
{
"cve": "CVE-2024-38215",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38215",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38215.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38215"
},
{
"cve": "CVE-2024-38202",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-289704",
"CSAFPID-1455810",
"CSAFPID-1457434",
"CSAFPID-1457435",
"CSAFPID-1457436",
"CSAFPID-1610390",
"CSAFPID-1610391",
"CSAFPID-1610392",
"CSAFPID-1610393",
"CSAFPID-1610394",
"CSAFPID-1610395",
"CSAFPID-1455588",
"CSAFPID-1574687",
"CSAFPID-1457437",
"CSAFPID-1457438",
"CSAFPID-2488",
"CSAFPID-2414",
"CSAFPID-2417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38202",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38202.json"
}
],
"title": "CVE-2024-38202"
},
{
"cve": "CVE-2024-38223",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38223",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38223.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-2507",
"CSAFPID-2481",
"CSAFPID-3823",
"CSAFPID-2482",
"CSAFPID-2483",
"CSAFPID-168718",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38223"
},
{
"cve": "CVE-2024-38127",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38127",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38127.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453758",
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1453769",
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-2483",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481",
"CSAFPID-2482",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38127"
},
{
"cve": "CVE-2024-38121",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-75345",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38121",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38121.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-75345",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38121"
},
{
"cve": "CVE-2024-38128",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38128",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38128.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38128"
},
{
"cve": "CVE-2024-38138",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-747000",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-75345",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38138",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38138.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-747000",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-75345",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38138"
},
{
"cve": "CVE-2024-38154",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-75345",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38154",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38154.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-75345",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-38154"
},
{
"cve": "CVE-2024-38120",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38120",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38120.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000"
]
}
],
"title": "CVE-2024-38120"
},
{
"cve": "CVE-2024-38214",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38214",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38214.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-168719",
"CSAFPID-75346",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38214"
},
{
"cve": "CVE-2024-37968",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-75345",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37968",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37968.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453759",
"CSAFPID-1453760",
"CSAFPID-1453798",
"CSAFPID-1453805",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1453776",
"CSAFPID-1453777",
"CSAFPID-1453778",
"CSAFPID-1453779",
"CSAFPID-1453780",
"CSAFPID-1453781",
"CSAFPID-1453782",
"CSAFPID-1453783",
"CSAFPID-1453784",
"CSAFPID-747000",
"CSAFPID-2507",
"CSAFPID-2414",
"CSAFPID-2417",
"CSAFPID-75345",
"CSAFPID-1502048",
"CSAFPID-168719",
"CSAFPID-75346"
]
}
],
"title": "CVE-2024-37968"
},
{
"cve": "CVE-2024-38137",
"cwe": {
"id": "CWE-591",
"name": "Sensitive Data Storage in Improperly Locked Memory"
},
"notes": [
{
"category": "other",
"text": "Sensitive Data Storage in Improperly Locked Memory",
"title": "CWE-591"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38137",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38137.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-75345",
"CSAFPID-2481"
]
}
],
"title": "CVE-2024-38137"
},
{
"cve": "CVE-2024-38147",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38147",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38147.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481"
]
}
],
"title": "CVE-2024-38147"
},
{
"cve": "CVE-2024-38148",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453801",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1502048",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-168718"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38148",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38148.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453801",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1502048",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-168718"
]
}
],
"title": "CVE-2024-38148"
},
{
"cve": "CVE-2024-38150",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38150",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38150.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453798",
"CSAFPID-1453799",
"CSAFPID-1453800",
"CSAFPID-1453801",
"CSAFPID-1453802",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1615902",
"CSAFPID-1502048",
"CSAFPID-75345",
"CSAFPID-747000",
"CSAFPID-168718",
"CSAFPID-3823",
"CSAFPID-2481"
]
}
],
"title": "CVE-2024-38150"
},
{
"cve": "CVE-2024-38135",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1453801",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1502048",
"CSAFPID-747000",
"CSAFPID-168718"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38135",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38135.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1453801",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1453805",
"CSAFPID-1502048",
"CSAFPID-747000",
"CSAFPID-168718"
]
}
],
"title": "CVE-2024-38135"
},
{
"cve": "CVE-2024-38165",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "other",
"text": "External Control of File Name or Path",
"title": "CWE-73"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453801",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38165",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38165.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453801",
"CSAFPID-1453803",
"CSAFPID-1453804",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38165"
},
{
"cve": "CVE-2024-38159",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1502048",
"CSAFPID-2417",
"CSAFPID-2482",
"CSAFPID-168719"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38159",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38159.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1502048",
"CSAFPID-2417",
"CSAFPID-2482",
"CSAFPID-168719"
]
}
],
"title": "CVE-2024-38159"
},
{
"cve": "CVE-2024-38160",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1502048",
"CSAFPID-168719"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38160",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38160.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1453770",
"CSAFPID-1453771",
"CSAFPID-1453772",
"CSAFPID-1502048",
"CSAFPID-168719"
]
}
],
"title": "CVE-2024-38160"
},
{
"cve": "CVE-2024-38123",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615902",
"CSAFPID-1502048"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38123",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38123.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615902",
"CSAFPID-1502048"
]
}
],
"title": "CVE-2024-38123"
}
]
}
ncsc-2024-0339
Vulnerability from csaf_ncscnl
Published
2024-08-13 18:23
Modified
2024-08-13 18:23
Summary
Kwetsbaarheden verholpen in Microsoft Mariner
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Microsoft heeft kwetsbaarheden verholpen in Mariner (Azure Linux).
Interpretaties
De kwetsbaarheden betreffen oudere kwetsbaarheden in diverse subcomponenten van de distro, zoals Python, Emacs, Qemu, Django, Curl, wget etc. welke in de nieuwe versie zijn verholpen.
Oplossingen
Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans
medium
Schade
high
CWE-115
Misinterpretation of Input
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-129
Improper Validation of Array Index
CWE-187
Partial String Comparison
CWE-190
Integer Overflow or Wraparound
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-193
Off-by-one Error
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-269
Improper Privilege Management
CWE-273
Improper Check for Dropped Privileges
CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE-295
Improper Certificate Validation
CWE-297
Improper Validation of Certificate with Host Mismatch
CWE-299
Improper Check for Certificate Revocation
CWE-319
Cleartext Transmission of Sensitive Information
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-369
Divide By Zero
CWE-371
CWE-371
CWE-400
Uncontrolled Resource Consumption
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-404
Improper Resource Shutdown or Release
CWE-416
Use After Free
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476
NULL Pointer Dereference
CWE-532
Insertion of Sensitive Information into Log File
CWE-667
Improper Locking
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-833
Deadlock
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-863
Incorrect Authorization
CWE-918
Server-Side Request Forgery (SSRF)
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft kwetsbaarheden verholpen in Mariner (Azure Linux).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden betreffen oudere kwetsbaarheden in diverse subcomponenten van de distro, zoals Python, Emacs, Qemu, Django, Curl, wget etc. welke in de nieuwe versie zijn verholpen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Partial String Comparison",
"title": "CWE-187"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "general",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Check for Dropped Privileges",
"title": "CWE-273"
},
{
"category": "general",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Improper Check for Certificate Revocation",
"title": "CWE-299"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Divide By Zero",
"title": "CWE-369"
},
{
"category": "general",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Improper Locking",
"title": "CWE-667"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Deadlock",
"title": "CWE-833"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"title": "CWE-95"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in Microsoft Mariner",
"tracking": {
"current_release_date": "2024-08-13T18:23:22.271316Z",
"id": "NCSC-2024-0339",
"initial_release_date": "2024-08-13T18:23:22.271316Z",
"revision_history": [
{
"date": "2024-08-13T18:23:22.271316Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "cbl-mariner",
"product": {
"name": "cbl-mariner",
"product_id": "CSAFPID-1489521",
"product_identification_helper": {
"cpe": "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2601",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-2601",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json"
}
],
"title": "CVE-2022-2601"
},
{
"cve": "CVE-2022-3775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-3775",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3775.json"
}
],
"title": "CVE-2022-3775"
},
{
"cve": "CVE-2022-36648",
"references": [
{
"category": "self",
"summary": "CVE-2022-36648",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36648.json"
}
],
"title": "CVE-2022-36648"
},
{
"cve": "CVE-2019-3833",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2019-3833",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-3833.json"
}
],
"title": "CVE-2019-3833"
},
{
"cve": "CVE-2021-3929",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-3929",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-3929.json"
}
],
"title": "CVE-2021-3929"
},
{
"cve": "CVE-2021-4158",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-4158",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4158.json"
}
],
"title": "CVE-2021-4158"
},
{
"cve": "CVE-2021-4206",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-4206",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4206.json"
}
],
"title": "CVE-2021-4206"
},
{
"cve": "CVE-2021-4207",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-4207",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4207.json"
}
],
"title": "CVE-2021-4207"
},
{
"cve": "CVE-2022-26353",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-26353",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26353.json"
}
],
"title": "CVE-2022-26353"
},
{
"cve": "CVE-2022-35414",
"references": [
{
"category": "self",
"summary": "CVE-2022-35414",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-35414.json"
}
],
"title": "CVE-2022-35414"
},
{
"cve": "CVE-2023-3354",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-3354",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3354.json"
}
],
"title": "CVE-2023-3354"
},
{
"cve": "CVE-2022-3872",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"notes": [
{
"category": "other",
"text": "Off-by-one Error",
"title": "CWE-193"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-3872",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3872.json"
}
],
"title": "CVE-2022-3872"
},
{
"cve": "CVE-2022-4144",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-4144",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-4144.json"
}
],
"title": "CVE-2022-4144"
},
{
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-45288",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45288.json"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2023-29404",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-29404",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29404.json"
}
],
"title": "CVE-2023-29404"
},
{
"cve": "CVE-2023-29402",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-29402",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29402.json"
}
],
"title": "CVE-2023-29402"
},
{
"cve": "CVE-2019-3816",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2019-3816",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-3816.json"
}
],
"title": "CVE-2019-3816"
},
{
"cve": "CVE-2021-3750",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-3750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-3750.json"
}
],
"title": "CVE-2021-3750"
},
{
"cve": "CVE-2022-0358",
"cwe": {
"id": "CWE-273",
"name": "Improper Check for Dropped Privileges"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Dropped Privileges",
"title": "CWE-273"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-0358",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-0358.json"
}
],
"title": "CVE-2022-0358"
},
{
"cve": "CVE-2022-26354",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-26354",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26354.json"
}
],
"title": "CVE-2022-26354"
},
{
"cve": "CVE-2022-3165",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-3165",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3165.json"
}
],
"title": "CVE-2022-3165"
},
{
"cve": "CVE-2022-2962",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-2962",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2962.json"
}
],
"title": "CVE-2022-2962"
},
{
"cve": "CVE-2022-41722",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-41722",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41722.json"
}
],
"title": "CVE-2022-41722"
},
{
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
},
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-29526",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-29526.json"
}
],
"title": "CVE-2022-29526"
},
{
"cve": "CVE-2007-4559",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2007-4559",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2007/CVE-2007-4559.json"
}
],
"title": "CVE-2007-4559"
},
{
"cve": "CVE-2019-9674",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2019-9674",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-9674.json"
}
],
"title": "CVE-2019-9674"
},
{
"cve": "CVE-2017-18207",
"references": [
{
"category": "self",
"summary": "CVE-2017-18207",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-18207.json"
}
],
"title": "CVE-2017-18207"
},
{
"cve": "CVE-2019-20907",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2019-20907",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-20907.json"
}
],
"title": "CVE-2019-20907"
},
{
"cve": "CVE-2021-23336",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-23336",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23336.json"
}
],
"title": "CVE-2021-23336"
},
{
"cve": "CVE-2017-17522",
"references": [
{
"category": "self",
"summary": "CVE-2017-17522",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-17522.json"
}
],
"title": "CVE-2017-17522"
},
{
"cve": "CVE-2024-6655",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6655",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6655.json"
}
],
"title": "CVE-2024-6655"
},
{
"cve": "CVE-2024-2466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-2466",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2466.json"
}
],
"title": "CVE-2024-2466"
},
{
"cve": "CVE-2024-39331",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "other",
"text": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"title": "CWE-95"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39331",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39331.json"
}
],
"title": "CVE-2024-39331"
},
{
"cve": "CVE-2021-43565",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-43565",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-43565.json"
}
],
"title": "CVE-2021-43565"
},
{
"cve": "CVE-2024-39277",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39277",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39277.json"
}
],
"title": "CVE-2024-39277"
},
{
"cve": "CVE-2024-38780",
"cwe": {
"id": "CWE-371",
"name": "-"
},
"notes": [
{
"category": "other",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "other",
"text": "Improper Locking",
"title": "CWE-667"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38780",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38780.json"
}
],
"title": "CVE-2024-38780"
},
{
"cve": "CVE-2024-39292",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39292",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39292.json"
}
],
"title": "CVE-2024-39292"
},
{
"cve": "CVE-2024-39482",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39482",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39482.json"
}
],
"title": "CVE-2024-39482"
},
{
"cve": "CVE-2024-39484",
"references": [
{
"category": "self",
"summary": "CVE-2024-39484",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39484.json"
}
],
"title": "CVE-2024-39484"
},
{
"cve": "CVE-2024-39495",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39495",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39495.json"
}
],
"title": "CVE-2024-39495"
},
{
"cve": "CVE-2024-40902",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-40902",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40902.json"
}
],
"title": "CVE-2024-40902"
},
{
"cve": "CVE-2024-41110",
"cwe": {
"id": "CWE-187",
"name": "Partial String Comparison"
},
"notes": [
{
"category": "other",
"text": "Partial String Comparison",
"title": "CWE-187"
},
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-41110",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41110.json"
}
],
"title": "CVE-2024-41110"
},
{
"cve": "CVE-2024-37298",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-37298",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37298.json"
}
],
"title": "CVE-2024-37298"
},
{
"cve": "CVE-2024-0397",
"references": [
{
"category": "self",
"summary": "CVE-2024-0397",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0397.json"
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-38571",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38571",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38571.json"
}
],
"title": "CVE-2024-38571"
},
{
"cve": "CVE-2024-42077",
"references": [
{
"category": "self",
"summary": "CVE-2024-42077",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42077.json"
}
],
"title": "CVE-2024-42077"
},
{
"cve": "CVE-2024-39473",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39473",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39473.json"
}
],
"title": "CVE-2024-39473"
},
{
"cve": "CVE-2024-26900",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-26900",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26900.json"
}
],
"title": "CVE-2024-26900"
},
{
"cve": "CVE-2024-39474",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39474",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39474.json"
}
],
"title": "CVE-2024-39474"
},
{
"cve": "CVE-2024-42073",
"references": [
{
"category": "self",
"summary": "CVE-2024-42073",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42073.json"
}
],
"title": "CVE-2024-42073"
},
{
"cve": "CVE-2024-42074",
"references": [
{
"category": "self",
"summary": "CVE-2024-42074",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42074.json"
}
],
"title": "CVE-2024-42074"
},
{
"cve": "CVE-2024-42075",
"references": [
{
"category": "self",
"summary": "CVE-2024-42075",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42075.json"
}
],
"title": "CVE-2024-42075"
},
{
"cve": "CVE-2024-42078",
"references": [
{
"category": "self",
"summary": "CVE-2024-42078",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42078.json"
}
],
"title": "CVE-2024-42078"
},
{
"cve": "CVE-2024-0853",
"cwe": {
"id": "CWE-299",
"name": "Improper Check for Certificate Revocation"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Certificate Revocation",
"title": "CWE-299"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-0853",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0853.json"
}
],
"title": "CVE-2024-0853"
},
{
"cve": "CVE-2024-2004",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "other",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-2004",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2004.json"
}
],
"title": "CVE-2024-2004"
},
{
"cve": "CVE-2024-2398",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-2398",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json"
}
],
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-38662",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38662",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38662.json"
}
],
"title": "CVE-2024-38662"
},
{
"cve": "CVE-2024-36288",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-36288",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36288.json"
}
],
"title": "CVE-2024-36288"
},
{
"cve": "CVE-2024-39480",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39480",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39480.json"
}
],
"title": "CVE-2024-39480"
},
{
"cve": "CVE-2024-39476",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "other",
"text": "Deadlock",
"title": "CWE-833"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39476",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39476.json"
}
],
"title": "CVE-2024-39476"
},
{
"cve": "CVE-2024-39475",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "other",
"text": "Divide By Zero",
"title": "CWE-369"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39475",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39475.json"
}
],
"title": "CVE-2024-39475"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-37371",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json"
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-26461",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-26461",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26461.json"
}
],
"title": "CVE-2024-26461"
},
{
"cve": "CVE-2024-37370",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-37370",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json"
}
],
"title": "CVE-2024-37370"
},
{
"cve": "CVE-2024-6104",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6104",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6104.json"
}
],
"title": "CVE-2024-6104"
},
{
"cve": "CVE-2024-6257",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6257",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6257.json"
}
],
"title": "CVE-2024-6257"
},
{
"cve": "CVE-2024-23722",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-23722",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23722.json"
}
],
"title": "CVE-2024-23722"
},
{
"cve": "CVE-2024-40898",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-40898",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json"
}
],
"title": "CVE-2024-40898"
},
{
"cve": "CVE-2024-38583",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38583",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38583.json"
}
],
"title": "CVE-2024-38583"
},
{
"cve": "CVE-2024-39493",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39493",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39493.json"
}
],
"title": "CVE-2024-39493"
},
{
"cve": "CVE-2024-42068",
"references": [
{
"category": "self",
"summary": "CVE-2024-42068",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42068.json"
}
],
"title": "CVE-2024-42068"
},
{
"cve": "CVE-2024-39489",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39489",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39489.json"
}
],
"title": "CVE-2024-39489"
},
{
"cve": "CVE-2024-42070",
"references": [
{
"category": "self",
"summary": "CVE-2024-42070",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42070.json"
}
],
"title": "CVE-2024-42070"
},
{
"cve": "CVE-2024-42076",
"references": [
{
"category": "self",
"summary": "CVE-2024-42076",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42076.json"
}
],
"title": "CVE-2024-42076"
},
{
"cve": "CVE-2024-42080",
"references": [
{
"category": "self",
"summary": "CVE-2024-42080",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42080.json"
}
],
"title": "CVE-2024-42080"
},
{
"cve": "CVE-2024-38428",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"notes": [
{
"category": "other",
"text": "Misinterpretation of Input",
"title": "CWE-115"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38428.json"
}
],
"title": "CVE-2024-38428"
},
{
"cve": "CVE-2024-42082",
"references": [
{
"category": "self",
"summary": "CVE-2024-42082",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42082.json"
}
],
"title": "CVE-2024-42082"
},
{
"cve": "CVE-2022-48788",
"references": [
{
"category": "self",
"summary": "CVE-2022-48788",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48788.json"
}
],
"title": "CVE-2022-48788"
},
{
"cve": "CVE-2023-52340",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-52340",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52340.json"
}
],
"title": "CVE-2023-52340"
},
{
"cve": "CVE-2022-48841",
"references": [
{
"category": "self",
"summary": "CVE-2022-48841",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48841.json"
}
],
"title": "CVE-2022-48841"
},
{
"cve": "CVE-2024-39485",
"references": [
{
"category": "self",
"summary": "CVE-2024-39485",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39485.json"
}
],
"title": "CVE-2024-39485"
},
{
"cve": "CVE-2024-39483",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-39483",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39483.json"
}
],
"title": "CVE-2024-39483"
},
{
"cve": "CVE-2024-42071",
"references": [
{
"category": "self",
"summary": "CVE-2024-42071",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42071.json"
}
],
"title": "CVE-2024-42071"
},
{
"cve": "CVE-2024-42072",
"references": [
{
"category": "self",
"summary": "CVE-2024-42072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42072.json"
}
],
"title": "CVE-2024-42072"
},
{
"cve": "CVE-2024-42237",
"references": [
{
"category": "self",
"summary": "CVE-2024-42237",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42237.json"
}
],
"title": "CVE-2024-42237"
},
{
"cve": "CVE-2024-42083",
"references": [
{
"category": "self",
"summary": "CVE-2024-42083",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42083.json"
}
],
"title": "CVE-2024-42083"
}
]
}
gsd-2022-3775
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-3775",
"id": "GSD-2022-3775",
"references": [
"https://www.debian.org/security/2022/dsa-5280",
"https://access.redhat.com/errata/RHSA-2022:8494",
"https://access.redhat.com/errata/RHSA-2022:8800",
"https://access.redhat.com/errata/RHSA-2022:8978",
"https://access.redhat.com/errata/RHSA-2023:0047",
"https://access.redhat.com/errata/RHSA-2023:0048",
"https://access.redhat.com/errata/RHSA-2023:0049",
"https://www.suse.com/security/cve/CVE-2022-3775.html",
"https://access.redhat.com/errata/RHSA-2023:0752"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-3775"
],
"details": "When rendering certain unicode sequences, grub2\u0027s font code doesn\u0027t proper validate if the informed glyph\u0027s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\u0027s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.",
"id": "GSD-2022-3775",
"modified": "2023-12-13T01:19:40.115059Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-3775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2",
"version": {
"version_data": [
{
"version_value": "All up to 2.06"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When rendering certain unicode sequences, grub2\u0027s font code doesn\u0027t proper validate if the informed glyph\u0027s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\u0027s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/security/cve/cve-2022-3775",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2022-3775"
},
{
"name": "GLSA-202311-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202311-14"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-3775"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "When rendering certain unicode sequences, grub2\u0027s font code doesn\u0027t proper validate if the informed glyph\u0027s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\u0027s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/security/cve/cve-2022-3775",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2022-3775"
},
{
"name": "GLSA-202311-14",
"refsource": "",
"tags": [],
"url": "https://security.gentoo.org/glsa/202311-14"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2023-11-25T12:15Z",
"publishedDate": "2022-12-19T20:15Z"
}
}
}
wid-sec-w-2022-2058
Vulnerability from csaf_certbund
Published
2022-11-15 23:00
Modified
2024-07-24 22:00
Summary
Grub2: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Grub ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Grub ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2058 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2058.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2058 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2058"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2022-11-15",
"url": "https://access.redhat.com/errata/RHSA-2022:8494"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3190 vom 2022-11-16",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00018.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4143-1 vom 2022-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013046.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4142-1 vom 2022-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013044.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4141-1 vom 2022-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013048.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4144-1 vom 2022-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013042.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4140-1 vom 2022-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013041.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4219-1 vom 2022-11-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013113.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4218-1 vom 2022-11-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013111.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4302-1 vom 2022-12-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013179.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8800 vom 2022-12-06",
"url": "https://access.redhat.com/errata/RHSA-2022:8800"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8978 vom 2022-12-13",
"url": "https://access.redhat.com/errata/RHSA-2022:8978"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0047 vom 2023-01-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0048 vom 2023-01-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0048"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0049 vom 2023-01-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0049"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12019 vom 2023-01-12",
"url": "http://linux.oracle.com/errata/ELSA-2023-12019.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-0049 vom 2023-01-25",
"url": "http://linux.oracle.com/errata/ELSA-2023-0049.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3312 vom 2023-02-08",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00006.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0752 vom 2023-02-14",
"url": "https://access.redhat.com/errata/RHSA-2023:0752"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6965816 vom 2023-03-24",
"url": "https://www.ibm.com/support/pages/node/6965816"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:1701-1 vom 2023-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014265.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-0752 vom 2023-06-13",
"url": "https://linux.oracle.com/errata/ELSA-2023-0752.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2146 vom 2023-07-20",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2146.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6355-1 vom 2023-09-08",
"url": "https://ubuntu.com/security/notices/USN-6355-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-283 vom 2024-01-23",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2023-283.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202311-14 vom 2023-11-25",
"url": "https://security.gentoo.org/glsa/202311-14"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2002 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2002"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3184 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-3184.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2024:2002 vom 2024-06-06",
"url": "https://lwn.net/Articles/973019"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7161468 vom 2024-07-24",
"url": "https://www.ibm.com/support/pages/node/7161468"
}
],
"source_lang": "en-US",
"title": "Grub2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-07-24T22:00:00.000+00:00",
"generator": {
"date": "2024-07-25T08:36:38.580+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-2058",
"initial_release_date": "2022-11-15T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-11-16T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-11-21T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-11-22T23:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-3130C677B4, FEDORA-2022-9B03E69561"
},
{
"date": "2022-11-23T23:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-7CE9378E90, FEDORA-2022-F86E203BAF"
},
{
"date": "2022-11-27T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-12-01T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-12-06T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-13T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-09T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-12T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-01-25T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-02-08T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-02-14T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-23T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-03-30T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-06-13T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-07-19T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-09-07T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-11-26T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-05T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "25"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM Security Guardium 11.5",
"product_id": "1411051",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.5"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.14",
"product": {
"name": "IBM Spectrum Protect \u003c10.1.14",
"product_id": "T026783",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:10.1.14"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "2",
"product": {
"name": "Open Source Grub 2",
"product_id": "T015539",
"product_identification_helper": {
"cpe": "cpe:/a:gnu:grub:2"
}
}
}
],
"category": "product_name",
"name": "Grub"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2601",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Grub2. Ein Puffer\u00fcberlauf in \"grub_font_construct_glyph()\" kann zu einem Out-of-Bound-Schreiben und einer m\u00f6glichen Umgehung des Secure Boot f\u00fchren. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"T015539",
"67646",
"T000126",
"398363",
"T012167",
"1727",
"T004914",
"T026783",
"1411051"
]
},
"release_date": "2022-11-15T23:00:00Z",
"title": "CVE-2022-2601"
},
{
"cve": "CVE-2022-3775",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Grub. Beim Rendern bestimmter Unicode-Sequenzen werden die Schriftbreite und -h\u00f6he nicht richtig validiert. Diese Werte werden weiter verwendet, um auf den Schriftpuffer zuzugreifen, was zu Out-of-Bounds-Writes f\u00fchren kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"T015539",
"67646",
"T000126",
"398363",
"T012167",
"1727",
"T004914",
"T026783",
"1411051"
]
},
"release_date": "2022-11-15T23:00:00Z",
"title": "CVE-2022-3775"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.