Launchpad.net

CVE 2021-3695

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

Related bugs and status

CVE-2021-3695 (Candidate) is related to these bugs:

Bug #1926748: regression in xenial updates - grub2 cannot handle new arm64 relocations

		In	Importance	Status
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2 (Ubuntu)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2 (Ubuntu Trusty)	Undecided	Confirmed
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2 (Ubuntu Xenial)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Trusty)	Undecided	Confirmed
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Xenial)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu)	Undecided	Invalid
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu Trusty)	Undecided	Confirmed
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu Xenial)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu Bionic)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Bionic)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Jammy)	Undecided	Fix Released

Bug #1930742: cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable

		In	Importance	Status
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-signed (Ubuntu)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	shim-signed (Ubuntu)	Undecided	Invalid
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-signed (Ubuntu Xenial)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu Xenial)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	shim-signed (Ubuntu Xenial)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-signed (Ubuntu Bionic)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu Bionic)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	shim-signed (Ubuntu Bionic)	Undecided	Invalid
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu Jammy)	Undecided	Fix Released

Bug #2008950: Missing modules on arm64 builds of monolithic grub

Summary				In	Importance	Status
	2008950	Missing modules on arm64 builds of monolithic grub		grub2 (Ubuntu)	Undecided	Fix Released

Bug #2028947: grub2-unsigned/2.12~rc1-4ubuntu1 signing

		In	Importance	Status
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-unsigned (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-signed (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs task00	Medium	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2 (Ubuntu)	Undecided	Fix Released

Bug #2034119: [Debian] High CVE: CVE-2021-3695/CVE-2021-3696/CVE-2021-3697/CVE-2022-28733/CVE-2022-28734/CVE-2022-28735/CVE-2022-28736 grub2: multiple CVEs

Summary				In	Importance	Status
	2034119	[Debian] High CVE: CVE-2021-3695/CVE-2021-3696/CVE-2021-3697/CVE-2022-28733/CVE-2022-28734/CVE-2022-28735/CVE-2022-28736 grub2: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-3695

Related bugs and status

Related bugs

References