#VU64061 Integer underflow in grub - CVE-2021-3697

Cybersecurity Help s.r.o.

Published: 2022-06-08 | Updated: 2022-07-20

Vulnerability identifier: #VU64061

Vulnerability risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3697

CWE-ID: CWE-191

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
grub
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer underflow within the JPEG reader. A local privileged user can trigger an integer underflow and bypass secure boot protection mechanism.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

grub: 1.99 - 2.06

External links
https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for grub2

Multiple vulnerabilities in Oracle Linux

Ubuntu update for grub2-signed

Multiple vulnerabilities in Dell VxRail Appliance components

Multiple vulnerabilities in Dell Secure Connect Gateway

Multiple vulnerabilities in Dell Storage Monitoring and Reporting (SMR)

Multiple vulnerabilities in Dell VxRail

Gentoo update for GRUB

Multiple vulnerabilities in OpenShift Container Platform 4.11

Multiple vulnerabilities in Dell Cloud Tiering Appliance