Main Vulnerability Database SB20250328182

SB20250328182 - Anolis OS update for grub2

Published: March 28, 2025

Security Bulletin ID SB20250328182

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2022-2601)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to a boundary error within the grub_font_construct_glyph() function when handling pf2 font. An attacker with physical access to the affected system can trigger an out-of-bounds write and bypass secure boot restrictions.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2024:0532

Vulnerable Software

Anolis OS: 7
grub2-pc-modules: before 2.02-0.87
grub2-efi-x64-modules: before 2.02-0.87
grub2-efi-ia32-modules: before 2.02-0.87
grub2-efi-aa64-modules: before 2.02-0.87
grub2-common: before 2.02-0.87
grub2-pc: before 2.02-0.87
grub2-efi-x64-cdboot: before 2.02-0.87
grub2-efi-x64: before 2.02-0.87
grub2-efi-ia32-cdboot: before 2.02-0.87
grub2-efi-ia32: before 2.02-0.87
grub2-tools-minimal: before 2.02-0.87
grub2-tools-extra: before 2.02-0.87
grub2-tools: before 2.02-0.87
grub2-efi-aa64-cdboot: before 2.02-0.87
grub2-efi-aa64: before 2.02-0.87
grub2: before 2.02-0.87

SB20250328182 - Anolis OS update for grub2

Breakdown by Severity

Description

Remediation

References

Please verify you're human