CVE-2021-3695

Published Jul 6, 2022

Last updated a year ago

CVSS medium 4.5

Overview

Description: A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.5
Impact score: 3.4
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-787
secalert@redhat.com: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B798FFCB-4972-436F-ADB4-8DA325089773",
            "versionEndExcluding": "2.12",
            "versionStartIncluding": "2.00"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60937D60-6B78-400F-8D30-7FCF328659A1"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62C4B3B6-7452-49AF-8981-737FE929FF97"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF30E57A-97EA-4A44-8404-6AE4F058B44D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DAD1E4A-B22F-432C-97C8-D91D286535F1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35EEDB95-DCD1-4FED-9BBB-877B2062410C"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "729C515E-1DD3-466D-A50B-AFE058FFC94A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "868A6ED7-44DD-44FF-8ADD-9971298A1175"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22D095ED-9247-4133-A133-73B7668565E4"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "492DF629-16B8-4882-822D-A6897B03DD30"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B62E762-2878-455A-93C9-A5DB430D7BB5"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81609549-25CE-4C8A-9DE3-170D23704208"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CD81C46-328B-412D-AF4E-68A2AD2F1A73"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References