发布时间: 2022年7月1日
修改时间: 2024年10月31日
A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows an attacker to corrupt the data on the heap portion of the grub2's memory, leading to possible code execution and the circumvention of the secure boot mechanism.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | High |
| Attack Vector | Local | Local |
| CVSS评分 | 4.5 | 7.5 |
| Attack Complexity | High | High |
| Privileges Required | Low | High |
| Scope | Unchanged | Changed |
| Integrity | Low | High |
| User Interaction | None | None |
| Availability | Low | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1611 | grub2 security update | 2022年7月1日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | grub2 | Fixed |
| KY3.4-5 | grub2 | Fixed |
| KY3.5.1 | grub2 | Fixed |
