What is CVE-2022-3775?

CVE-2022-3775 is a high-severity vulnerability in Gnu Grub2, classified under Out-of-bounds Write. CVSS score: 7.1/10. Published 2022-12-19.

How severe is CVE-2022-3775?

High severity. CVSS v3 base score is 7.1 out of 10.

Is CVE-2022-3775 known to be exploited?

18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Gnu Grub2

CVE-2022-3775

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bound…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (25.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.

Affected products

Gnu Grub2
Redhat Enterprise_linux — versions 8.0
N/a Grub2 — versions All up to 2.06

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

Public proof-of-concept exploits

References

secalert@redhat.com (Third Party Advisory)
secalert@redhat.com (vendor-advisory)

Frequently asked questions

What is CVE-2022-3775?: CVE-2022-3775 is a high-severity vulnerability in Gnu Grub2, classified under Out-of-bounds Write. CVSS score: 7.1/10. Published 2022-12-19.
How severe is CVE-2022-3775?: High severity. CVSS v3 base score is 7.1 out of 10.
Is CVE-2022-3775 known to be exploited?: 18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.