{"id":"UBUNTU-CVE-2022-3775","details":"When rendering certain Unicode sequences, grub2's font code doesn't properly validate that the supplied glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which leads to an out-of-bounds write into grub2's heap, causing memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.","modified":"2026-02-04T03:20:31.002254Z","published":"2022-12-19T20:15:00Z","related":["USN-6355-1"],"upstream":["CVE-2022-3775"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3775"},{"type":"REPORT","url":"https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6355-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-3775"}],"affected":[{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.34.24?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.22","1.23","1.24","1.25","1.26","1.27","1.30","1.31","1.32","1.33","1.34","1.34.1","1.34.2","1.34.3","1.34.4","1.34.5","1.34.6","1.34.7","1.34.8","1.34.9","1.34.13","1.34.14","1.34.16","1.34.17","1.34.18","1.34.20","1.34.22","1.34.24"],"ecosystem_specific":{"binaries":[{"binary_version":"1.34.24+2.02~beta2-9ubuntu1.21","binary_name":"grub-efi-amd64-signed"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3775.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.167~16.04.6?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.55","1.56","1.57","1.58","1.59","1.61","1.62","1.63","1.64","1.65","1.66","1.66.1","1.66.2","1.66.6","1.66.7","1.66.8","1.66.9","1.66.11","1.66.12","1.6
6.14","1.66.15","1.66.16","1.66.17","1.66.18","1.66.19","1.66.20","1.66.21","1.66.22","1.66.23","1.66.26","1.66.27","1.66.28","1.66.29","1.167~16.04.1","1.167~16.04.2","1.167~16.04.4","1.167~16.04.6"],"ecosystem_specific":{"binaries":[{"binary_version":"1.167~16.04.6+2.04-1ubuntu44.1.2","binary_name":"grub-efi-amd64-signed"},{"binary_version":"1.167~16.04.6+2.04-1ubuntu44.1.2","binary_name":"grub-efi-arm64-signed"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3775.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.04-1ubuntu44.1.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.04-1ubuntu44","2.04-1ubuntu44.1","2.04-1ubuntu44.1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.04-1ubuntu44.1.2","binary_name":"grub-efi-amd64"},{"binary_version":"2.04-1ubuntu44.1.2","binary_name":"grub-efi-amd64-bin"},{"binary_version":"2.04-1ubuntu44.1.2","binary_name":"grub-efi-arm64"},{"binary_version":"2.04-1ubuntu44.1.2","binary_name":"grub-efi-arm64-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3775.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.187.3~18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.187.3~18.04.1"}]}],"versions":["1.85","1.86","1.87","1.89","1.91","1.92","1.93","1.93.1","1.93.2","1.93.3","1.93.4","1.93.5","1.93.7","1.93.8","1.93.10","1.93.11","1.93.13","1.93.14","1.93.15","1.93.16","1.93.18","1.93.19","1.93.20","1.93.21","1.93.22","1.93.24","1.167~18.04.1","1.167~18.04.3","1.167~18.04.5","1.173.2~18.04.1","1.187.2~18.04.1"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_version":"1.187.3~18.04.1+2.06-2ubuntu14.1","binary_name":"grub-efi-amd64-signed"},{"binary_version":"1.187.3~18.04.1+2.06-2ubuntu14.1","binary_name":"grub-efi-arm64-signed"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3775.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.06-2ubuntu14.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.06-2ubuntu14.1"}]}],"versions":["2.04-1ubuntu44","2.04-1ubuntu44.1","2.04-1ubuntu44.1.2","2.04-1ubuntu47.4","2.06-2ubuntu14"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.06-2ubuntu14.1","binary_name":"grub-efi-amd64"},{"binary_version":"2.06-2ubuntu14.1","binary_name":"grub-efi-amd64-bin"},{"binary_version":"2.06-2ubuntu14.1","binary_name":"grub-efi-arm64"},{"binary_version":"2.06-2ubuntu14.1","binary_name":"grub-efi-arm64-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3775.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.187.3~20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.187.3~20.04.1"}]}],"versions":["1.128","1.129","1.130","1.131","1.133","1.134","1.135","1.136","1.137","1.138","1.139","1.140","1.141","1.142","1.142.1","1.142.3","1.142.4","1.142.5","1.142.6","1.142.8","1.142.9","1.142.10","1.142.11","1.167","1.167.2","1.173.2~20.04.1","1.173.4","1.187.2~20.04.2"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_version":"1.187.3~20.04.1+2.06-2ubuntu14.1","binary_name":"grub-efi-amd64-signed"},{"binary_version":"1.187.3~20.04.1+2.06-2ubuntu14.1","binary_name":"grub-efi-arm64-signed"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3775.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.06-2ubuntu14?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.06-2ubuntu14"}]}],"versions":["2.04-1ubuntu44","2.04-1ubuntu44.2","2.04-1ubuntu47.4","2.04-1ubuntu47.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.06-2ubuntu14","binary_name":"grub-efi-amd64"},{"binary_version":"2.06-2ubuntu14","binary_name":"grub-efi-amd64-bin"},{"binary_version":"2.06-2ubuntu14","binary_name":"grub-efi-arm64"},{"binary_version":"2.06-2ubuntu14","binary_name":"grub-efi-arm64-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3775.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.187.3~22.04.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.187.3~22.04.1"}]}],"versions":["1.173","1.174","1.176","1.177","1.178","1.179","1.180","1.182~22.04.1","1.187.2"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_version":"1.187.3~22.04.1+2.06-2ubuntu14.1","binary_name":"grub-efi-amd64-signed"},{"binary_version":"1.187.3~22.04.1+2.06-2ubuntu14.1","binary_name":"grub-efi-arm64-signed"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3775.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.06-2ubuntu14?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.06-2ubuntu14"}]}],"versions":["2.04-1ubuntu47","2.04-1ubuntu48","2.06-2ubuntu3","2.06-2ubuntu4","2.06-2ubuntu5","2.06-2ubuntu6","2.06-2ubuntu7","2.06-2ubuntu10"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.06-2ubuntu14","binary_name":"grub-efi-amd64"},{"binary_version":"2.06-2ubuntu14","binary_name":"grub-efi-amd64-bin"},{"binary_version":"2.06-2ubuntu14","binary_name":"grub-efi-arm64"},{"binary_version":"2.06-2ubuntu14","binary_name":"grub-efi-arm64-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3775.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}