vulnerability
Ubuntu: USN-6355-1 (CVE-2021-3697): GRUB2 vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:N/C:P/I:P/A:P) | Jul 6, 2022 | Sep 18, 2023 | Mar 27, 2026 |
Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
Jul 6, 2022
Added
Sep 18, 2023
Modified
Mar 27, 2026
Description
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Solutions
ubuntu-upgrade-grub-efi-amd64ubuntu-upgrade-grub-efi-amd64-binubuntu-upgrade-grub-efi-amd64-signedubuntu-upgrade-grub-efi-arm64ubuntu-upgrade-grub-efi-arm64-binubuntu-upgrade-grub-efi-arm64-signedubuntu-upgrade-shimubuntu-upgrade-shim-signed
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.