Debian Security Advisory
DSA-5280-1 grub2 -- security update
- Date Reported:
- 15 Nov 2022
- Affected Packages:
- grub2
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2022-2601, CVE-2022-3775.
- More information:
-
Several issues were found in GRUB2's font handling code, which could result in crashes and potentially execution of arbitrary code. These could lead to by-pass of UEFI Secure Boot on affected systems.
Further, issues were found in image loading that could potentially lead to memory overflows.
For the stable distribution (bullseye), these problems have been fixed in version 2.06-3~deb11u4.
We recommend that you upgrade your grub2 packages.
For the detailed security status of grub2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/grub2