Ubuntu: USN-6355-1 (CVE-2021-3697): GRUB2 vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:N/C:P/I:P/A:P) | Jul 6, 2022 | Sep 18, 2023 | Aug 18, 2025 |
Description
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Solutions
- ubuntu-upgrade-grub-efi-amd64
- ubuntu-upgrade-grub-efi-amd64-bin
- ubuntu-upgrade-grub-efi-amd64-signed
- ubuntu-upgrade-grub-efi-arm64
- ubuntu-upgrade-grub-efi-arm64-bin
- ubuntu-upgrade-grub-efi-arm64-signed
- ubuntu-upgrade-shim
- ubuntu-upgrade-shim-signed