vulnerability
Amazon Linux AMI 2: CVE-2021-3696: Security patch for grub2 (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Jul 6, 2022 | Jul 21, 2023 | May 20, 2026 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Jul 6, 2022
Added
Jul 21, 2023
Modified
May 20, 2026
Description
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Solutions
amazon-linux-ami-2-upgrade-grub2amazon-linux-ami-2-upgrade-grub2-commonamazon-linux-ami-2-upgrade-grub2-debuginfoamazon-linux-ami-2-upgrade-grub2-efi-aa64amazon-linux-ami-2-upgrade-grub2-efi-aa64-cdbootamazon-linux-ami-2-upgrade-grub2-efi-aa64-ec2amazon-linux-ami-2-upgrade-grub2-efi-aa64-modulesamazon-linux-ami-2-upgrade-grub2-efi-x64amazon-linux-ami-2-upgrade-grub2-efi-x64-cdbootamazon-linux-ami-2-upgrade-grub2-efi-x64-ec2amazon-linux-ami-2-upgrade-grub2-efi-x64-modulesamazon-linux-ami-2-upgrade-grub2-emuamazon-linux-ami-2-upgrade-grub2-emu-modulesamazon-linux-ami-2-upgrade-grub2-pcamazon-linux-ami-2-upgrade-grub2-pc-modulesamazon-linux-ami-2-upgrade-grub2-toolsamazon-linux-ami-2-upgrade-grub2-tools-efiamazon-linux-ami-2-upgrade-grub2-tools-extraamazon-linux-ami-2-upgrade-grub2-tools-minimal
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.