This site requires JavaScript to be enabled to function correctly, please enable it.
Bug 1991686 (CVE-2021-3696) - CVE-2021-3696 grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
Summary: CVE-2021-3696 grub2: Crafted PNG image may lead to out-of-bound write during ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3696
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2057532 2057533 2057534 2057535 2057536 2057537 2057538 2057539 2057540 2057541 2057542 2089813 2089814
Blocks: 1991681
TreeView+ depends on / blocked
 
Reported: 2021-08-09 17:22 UTC by Marco Benatto
Modified: 2022-09-27 10:34 UTC (History)
8 users (show)

Fixed In Version: grub 2.12
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in grub2 when handling a PNG image header. When decoding the data contained in the Huffman table at the PNG file header, an out-of-bounds write may happen on grub's heap.
Clone Of:
Environment:
Last Closed: 2022-06-16 20:37:15 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:5105 0 None None None 2022-06-16 21:08:36 UTC
Red Hat Product Errata RHBA-2022:5121 0 None None None 2022-06-20 01:27:26 UTC
Red Hat Product Errata RHBA-2022:5127 0 None None None 2022-06-20 12:12:07 UTC
Red Hat Product Errata RHBA-2022:5128 0 None None None 2022-06-20 14:27:04 UTC
Red Hat Product Errata RHBA-2022:5170 0 None None None 2022-06-22 11:38:28 UTC
Red Hat Product Errata RHBA-2022:5437 0 None None None 2022-06-30 07:15:17 UTC
Red Hat Product Errata RHBA-2022:5578 0 None None None 2022-07-13 15:10:18 UTC
Red Hat Product Errata RHBA-2022:5643 0 None None None 2022-07-19 15:32:27 UTC
Red Hat Product Errata RHSA-2022:5095 0 None None None 2022-06-16 15:33:51 UTC
Red Hat Product Errata RHSA-2022:5096 0 None None None 2022-06-16 14:55:07 UTC
Red Hat Product Errata RHSA-2022:5098 0 None None None 2022-06-16 13:51:13 UTC
Red Hat Product Errata RHSA-2022:5099 0 None None None 2022-06-16 15:23:40 UTC
Red Hat Product Errata RHSA-2022:5100 0 None None None 2022-06-16 15:45:57 UTC

Description Marco Benatto 2021-08-09 17:22:04 UTC 
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention.
Comment 4 errata-xmlrpc 2022-06-16 13:51:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:5098 https://access.redhat.com/errata/RHSA-2022:5098
Comment 5 errata-xmlrpc 2022-06-16 14:55:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:5096 https://access.redhat.com/errata/RHSA-2022:5096
Comment 6 errata-xmlrpc 2022-06-16 15:23:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5099 https://access.redhat.com/errata/RHSA-2022:5099
Comment 7 errata-xmlrpc 2022-06-16 15:33:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5095 https://access.redhat.com/errata/RHSA-2022:5095
Comment 8 errata-xmlrpc 2022-06-16 15:45:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5100 https://access.redhat.com/errata/RHSA-2022:5100
Comment 9 Product Security DevOps Team 2022-06-16 20:37:13 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3696
Note You need to log in before you can comment on or make changes to this bug.