Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-2601
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-22 01:13
Severity ?
EPSS score ?
Summary
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-22T01:13:28.591Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230203-0004/", }, { name: "GLSA-202311-14", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-14", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, ], cna: { affected: [ { product: "grub2", vendor: "n/a", versions: [ { status: "affected", version: "grub2 2.06 and lower", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122->CWE-787", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-25T12:06:24.538109", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", }, { url: "https://security.netapp.com/advisory/ntap-20230203-0004/", }, { name: "GLSA-202311-14", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202311-14", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-2601", datePublished: "2022-12-14T00:00:00", dateReserved: "2022-08-01T00:00:00", dateUpdated: "2024-08-22T01:13:28.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2022-2601\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-12-14T21:15:10.190\",\"lastModified\":\"2024-11-21T07:01:19.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.\"},{\"lang\":\"es\",\"value\":\"Se encontró un desbordamiento del búfer en grub_font_construct_glyph(). Una fuente pf2 manipulada maliciosamente puede provocar un desbordamiento al calcular el valor max_glyph_size, asignando un búfer más pequeño de lo necesario para el glifo, lo que además provoca un desbordamiento del búfer y una escritura fuera de los límites basada en el heap. Un atacante puede utilizar esta vulnerabilidad para eludir el mecanismo de arranque seguro.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.06\",\"matchCriteriaId\":\"7E48B3B4-3F7F-4169-ABC8-448AA351276E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DDA3E5A-8754-4C48-9A27-E2415F8A6000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"868A6ED7-44DD-44FF-8ADD-9971298A1175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DF2B9A2-8CA6-4EDF-9975-07265E363ED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492DF629-16B8-4882-822D-A6897B03DD30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48C2E003-A71C-4D06-B8B3-F93160568182\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3921C1CF-A16D-4727-99AD-03EFFA7C91CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE1A81A1-63EC-431C-9CBC-8D28C15AB3E5\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-14\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230203-0004/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230203-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
RHSA-2022:8978
Vulnerability from csaf_redhat
Published
2022-12-13 16:11
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104)
* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358)
* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434)
* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104)\n\n* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358)\n\n* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434)\n\n* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8978", url: "https://access.redhat.com/errata/RHSA-2022:8978", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8978.json", }, ], title: "Red Hat Security Advisory: grub2 security and bug fix update", tracking: { current_release_date: "2024-11-22T21:00:41+00:00", generator: { date: "2024-11-22T21:00:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8978", initial_release_date: "2022-12-13T16:11:40+00:00", revision_history: [ { date: "2022-12-13T16:11:40+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T16:11:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:9.0::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.06-27.el9_0.12.src", product: { name: "grub2-1:2.06-27.el9_0.12.src", product_id: "grub2-1:2.06-27.el9_0.12.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.06-27.el9_0.12?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-common-1:2.06-27.el9_0.12.noarch", product_id: "grub2-common-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-pc-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-pc-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.06-27.el9_0.12.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", }, product_reference: "grub2-1:2.06-27.el9_0.12.src", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-common-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-pc-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T16:11:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8978", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T16:11:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8978", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2022:8494
Vulnerability from csaf_redhat
Published
2022-11-16 10:51
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8494", url: "https://access.redhat.com/errata/RHSA-2022:8494", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8494.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:00:24+00:00", generator: { date: "2024-11-22T21:00:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8494", initial_release_date: "2022-11-16T10:51:10+00:00", revision_history: [ { date: "2022-11-16T10:51:10+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-16T10:51:10+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_e4s:8.1::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-87.el8_1.11.src", product: { name: "grub2-1:2.02-87.el8_1.11.src", product_id: "grub2-1:2.02-87.el8_1.11.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-87.el8_1.11?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-common-1:2.02-87.el8_1.11.noarch", product_id: "grub2-common-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-pc-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-pc-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_1.11.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", }, product_reference: "grub2-1:2.02-87.el8_1.11.src", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-16T10:51:10+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8494", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-16T10:51:10+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8494", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2022:8800
Vulnerability from csaf_redhat
Published
2022-12-06 08:58
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8800", url: "https://access.redhat.com/errata/RHSA-2022:8800", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8800.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:00:32+00:00", generator: { date: "2024-11-22T21:00:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8800", initial_release_date: "2022-12-06T08:58:45+00:00", revision_history: [ { date: "2022-12-06T08:58:45+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-06T08:58:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_aus:8.2::baseos", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_e4s:8.2::baseos", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_tus:8.2::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-87.el8_2.11.src", product: { name: "grub2-1:2.02-87.el8_2.11.src", product_id: "grub2-1:2.02-87.el8_2.11.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-87.el8_2.11?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-common-1:2.02-87.el8_2.11.noarch", product_id: "grub2-common-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-pc-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", }, product_reference: "grub2-1:2.02-87.el8_2.11.src", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", }, product_reference: "grub2-1:2.02-87.el8_2.11.src", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", }, product_reference: "grub2-1:2.02-87.el8_2.11.src", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-06T08:58:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8800", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-06T08:58:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8800", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2022:8978
Vulnerability from csaf_redhat
Published
2022-12-13 16:11
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104)
* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358)
* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434)
* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104)\n\n* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358)\n\n* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434)\n\n* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8978", url: "https://access.redhat.com/errata/RHSA-2022:8978", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8978.json", }, ], title: "Red Hat Security Advisory: grub2 security and bug fix update", tracking: { current_release_date: "2024-11-22T21:00:41+00:00", generator: { date: "2024-11-22T21:00:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8978", initial_release_date: "2022-12-13T16:11:40+00:00", revision_history: [ { date: "2022-12-13T16:11:40+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T16:11:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:9.0::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.06-27.el9_0.12.src", product: { name: "grub2-1:2.06-27.el9_0.12.src", product_id: "grub2-1:2.06-27.el9_0.12.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.06-27.el9_0.12?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-common-1:2.06-27.el9_0.12.noarch", product_id: "grub2-common-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-pc-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-pc-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.06-27.el9_0.12.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", }, product_reference: "grub2-1:2.06-27.el9_0.12.src", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-common-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-pc-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T16:11:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8978", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T16:11:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8978", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
RHSA-2022:8800
Vulnerability from csaf_redhat
Published
2022-12-06 08:58
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8800", url: "https://access.redhat.com/errata/RHSA-2022:8800", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8800.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:00:32+00:00", generator: { date: "2024-11-22T21:00:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8800", initial_release_date: "2022-12-06T08:58:45+00:00", revision_history: [ { date: "2022-12-06T08:58:45+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-06T08:58:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_aus:8.2::baseos", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_e4s:8.2::baseos", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_tus:8.2::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-87.el8_2.11.src", product: { name: "grub2-1:2.02-87.el8_2.11.src", product_id: "grub2-1:2.02-87.el8_2.11.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-87.el8_2.11?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-common-1:2.02-87.el8_2.11.noarch", product_id: "grub2-common-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-pc-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", }, product_reference: "grub2-1:2.02-87.el8_2.11.src", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", }, product_reference: "grub2-1:2.02-87.el8_2.11.src", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", }, product_reference: "grub2-1:2.02-87.el8_2.11.src", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-06T08:58:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8800", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-06T08:58:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8800", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
RHSA-2024:2002
Vulnerability from csaf_redhat
Published
2024-04-23 16:44
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2002", url: "https://access.redhat.com/errata/RHSA-2024:2002", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "RHEL-23460", url: "https://issues.redhat.com/browse/RHEL-23460", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2002.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:01:25+00:00", generator: { date: "2024-11-22T21:01:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:2002", initial_release_date: "2024-04-23T16:44:09+00:00", revision_history: [ { date: "2024-04-23T16:44:09+00:00", number: "1", summary: "Initial version", }, { date: "2024-04-23T16:44:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:01:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.src", product: { name: "grub2-1:2.02-0.87.el7_9.14.src", product_id: "grub2-1:2.02-0.87.el7_9.14.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-common-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-23T16:44:09+00:00", details: "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2002", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, ], }
rhsa-2023_0048
Vulnerability from csaf_redhat
Published
2023-01-09 14:50
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* [RHEL8.6][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2108049)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [RHEL8.6][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2108049)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0048", url: "https://access.redhat.com/errata/RHSA-2023:0048", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0048.json", }, ], title: "Red Hat Security Advisory: grub2 security and bug fix update", tracking: { current_release_date: "2024-11-22T21:00:49+00:00", generator: { date: "2024-11-22T21:00:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0048", initial_release_date: "2023-01-09T14:50:55+00:00", revision_history: [ { date: "2023-01-09T14:50:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-09T14:50:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.6::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-123.el8_6.12.src", product: { name: "grub2-1:2.02-123.el8_6.12.src", product_id: "grub2-1:2.02-123.el8_6.12.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-123.el8_6.12?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-common-1:2.02-123.el8_6.12.noarch", product_id: "grub2-common-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-pc-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-pc-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-123.el8_6.12.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", }, product_reference: "grub2-1:2.02-123.el8_6.12.src", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-common-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-pc-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:50:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0048", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:50:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0048", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2023_0047
Vulnerability from csaf_redhat
Published
2023-01-09 14:51
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0047", url: "https://access.redhat.com/errata/RHSA-2023:0047", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0047.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:00:58+00:00", generator: { date: "2024-11-22T21:00:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0047", initial_release_date: "2023-01-09T14:51:08+00:00", revision_history: [ { date: "2023-01-09T14:51:08+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-09T14:51:08+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.4::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-99.el8_4.10.src", product: { name: "grub2-1:2.02-99.el8_4.10.src", product_id: "grub2-1:2.02-99.el8_4.10.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-99.el8_4.10?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-common-1:2.02-99.el8_4.10.noarch", product_id: "grub2-common-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-pc-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-pc-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-99.el8_4.10.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", }, product_reference: "grub2-1:2.02-99.el8_4.10.src", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-common-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-pc-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:51:08+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:51:08+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
RHSA-2023:0048
Vulnerability from csaf_redhat
Published
2023-01-09 14:50
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* [RHEL8.6][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2108049)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [RHEL8.6][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2108049)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0048", url: "https://access.redhat.com/errata/RHSA-2023:0048", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0048.json", }, ], title: "Red Hat Security Advisory: grub2 security and bug fix update", tracking: { current_release_date: "2024-11-22T21:00:49+00:00", generator: { date: "2024-11-22T21:00:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0048", initial_release_date: "2023-01-09T14:50:55+00:00", revision_history: [ { date: "2023-01-09T14:50:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-09T14:50:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.6::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-123.el8_6.12.src", product: { name: "grub2-1:2.02-123.el8_6.12.src", product_id: "grub2-1:2.02-123.el8_6.12.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-123.el8_6.12?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-common-1:2.02-123.el8_6.12.noarch", product_id: "grub2-common-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-pc-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-pc-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-123.el8_6.12.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", }, product_reference: "grub2-1:2.02-123.el8_6.12.src", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-common-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-pc-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:50:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0048", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:50:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0048", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2023:0752
Vulnerability from csaf_redhat
Published
2023-02-14 09:10
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0752", url: "https://access.redhat.com/errata/RHSA-2023:0752", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0752.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:01:19+00:00", generator: { date: "2024-11-22T21:01:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0752", initial_release_date: "2023-02-14T09:10:02+00:00", revision_history: [ { date: "2023-02-14T09:10:02+00:00", number: "1", summary: "Initial version", }, { date: "2023-02-14T09:10:02+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:01:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 9)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.06-46.el9_1.3.src", product: { name: "grub2-1:2.06-46.el9_1.3.src", product_id: "grub2-1:2.06-46.el9_1.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.06-46.el9_1.3?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-common-1:2.06-46.el9_1.3.noarch", product_id: "grub2-common-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-pc-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-pc-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.06-46.el9_1.3.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", }, product_reference: "grub2-1:2.06-46.el9_1.3.src", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-common-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-pc-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-02-14T09:10:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0752", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-02-14T09:10:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0752", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
RHSA-2023:0752
Vulnerability from csaf_redhat
Published
2023-02-14 09:10
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0752", url: "https://access.redhat.com/errata/RHSA-2023:0752", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0752.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:01:19+00:00", generator: { date: "2024-11-22T21:01:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0752", initial_release_date: "2023-02-14T09:10:02+00:00", revision_history: [ { date: "2023-02-14T09:10:02+00:00", number: "1", summary: "Initial version", }, { date: "2023-02-14T09:10:02+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:01:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 9)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.06-46.el9_1.3.src", product: { name: "grub2-1:2.06-46.el9_1.3.src", product_id: "grub2-1:2.06-46.el9_1.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.06-46.el9_1.3?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-common-1:2.06-46.el9_1.3.noarch", product_id: "grub2-common-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-pc-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-pc-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.06-46.el9_1.3.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", }, product_reference: "grub2-1:2.06-46.el9_1.3.src", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-common-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-pc-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-02-14T09:10:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0752", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-02-14T09:10:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0752", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
RHSA-2022:8494
Vulnerability from csaf_redhat
Published
2022-11-16 10:51
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8494", url: "https://access.redhat.com/errata/RHSA-2022:8494", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8494.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:00:24+00:00", generator: { date: "2024-11-22T21:00:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8494", initial_release_date: "2022-11-16T10:51:10+00:00", revision_history: [ { date: "2022-11-16T10:51:10+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-16T10:51:10+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_e4s:8.1::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-87.el8_1.11.src", product: { name: "grub2-1:2.02-87.el8_1.11.src", product_id: "grub2-1:2.02-87.el8_1.11.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-87.el8_1.11?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-common-1:2.02-87.el8_1.11.noarch", product_id: "grub2-common-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-pc-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-pc-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_1.11.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", }, product_reference: "grub2-1:2.02-87.el8_1.11.src", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-16T10:51:10+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8494", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-16T10:51:10+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8494", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2022_8800
Vulnerability from csaf_redhat
Published
2022-12-06 08:58
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8800", url: "https://access.redhat.com/errata/RHSA-2022:8800", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8800.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:00:32+00:00", generator: { date: "2024-11-22T21:00:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8800", initial_release_date: "2022-12-06T08:58:45+00:00", revision_history: [ { date: "2022-12-06T08:58:45+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-06T08:58:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_aus:8.2::baseos", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product: { name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_e4s:8.2::baseos", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product: { name: "Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_tus:8.2::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-87.el8_2.11.src", product: { name: "grub2-1:2.02-87.el8_2.11.src", product_id: "grub2-1:2.02-87.el8_2.11.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-87.el8_2.11?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-common-1:2.02-87.el8_2.11.noarch", product_id: "grub2-common-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", product_id: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-87.el8_2.11?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-pc-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_2.11?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_2.11?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", }, product_reference: "grub2-1:2.02-87.el8_2.11.src", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.AUS", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", }, product_reference: "grub2-1:2.02-87.el8_2.11.src", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.2)", product_id: "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_2.11.src as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", }, product_reference: "grub2-1:2.02-87.el8_2.11.src", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v. 8.2)", product_id: "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", relates_to_product_reference: "BaseOS-8.2.0.Z.TUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-06T08:58:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8800", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-06T08:58:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8800", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.2.0.Z.AUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.AUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.AUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.AUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.E4S:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.ppc64le", "BaseOS-8.2.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-1:2.02-87.el8_2.11.src", "BaseOS-8.2.0.Z.TUS:grub2-common-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-debugsource-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-aa64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-ia32-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-cdboot-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-efi-x64-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-pc-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-pc-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-ppc64le-modules-1:2.02-87.el8_2.11.noarch", "BaseOS-8.2.0.Z.TUS:grub2-tools-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-1:2.02-87.el8_2.11.x86_64", "BaseOS-8.2.0.Z.TUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_2.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2024:2002
Vulnerability from csaf_redhat
Published
2024-04-23 16:44
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2002", url: "https://access.redhat.com/errata/RHSA-2024:2002", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "RHEL-23460", url: "https://issues.redhat.com/browse/RHEL-23460", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2002.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:01:25+00:00", generator: { date: "2024-11-22T21:01:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:2002", initial_release_date: "2024-04-23T16:44:09+00:00", revision_history: [ { date: "2024-04-23T16:44:09+00:00", number: "1", summary: "Initial version", }, { date: "2024-04-23T16:44:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:01:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.src", product: { name: "grub2-1:2.02-0.87.el7_9.14.src", product_id: "grub2-1:2.02-0.87.el7_9.14.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-common-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-23T16:44:09+00:00", details: "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2002", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, ], }
rhsa-2023_0049
Vulnerability from csaf_redhat
Published
2023-01-09 14:47
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0049", url: "https://access.redhat.com/errata/RHSA-2023:0049", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0049.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:01:09+00:00", generator: { date: "2024-11-22T21:01:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0049", initial_release_date: "2023-01-09T14:47:07+00:00", revision_history: [ { date: "2023-01-09T14:47:07+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-09T14:47:07+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:01:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-142.el8_7.1.src", product: { name: "grub2-1:2.02-142.el8_7.1.src", product_id: "grub2-1:2.02-142.el8_7.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-142.el8_7.1?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-common-1:2.02-142.el8_7.1.noarch", product_id: "grub2-common-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-pc-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-pc-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-142.el8_7.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", }, product_reference: "grub2-1:2.02-142.el8_7.1.src", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-common-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-pc-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:47:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:47:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2023:0049
Vulnerability from csaf_redhat
Published
2023-01-09 14:47
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0049", url: "https://access.redhat.com/errata/RHSA-2023:0049", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0049.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:01:09+00:00", generator: { date: "2024-11-22T21:01:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0049", initial_release_date: "2023-01-09T14:47:07+00:00", revision_history: [ { date: "2023-01-09T14:47:07+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-09T14:47:07+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:01:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-142.el8_7.1.src", product: { name: "grub2-1:2.02-142.el8_7.1.src", product_id: "grub2-1:2.02-142.el8_7.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-142.el8_7.1?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-common-1:2.02-142.el8_7.1.noarch", product_id: "grub2-common-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-pc-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-pc-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-142.el8_7.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", }, product_reference: "grub2-1:2.02-142.el8_7.1.src", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-common-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-pc-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:47:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:47:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2023_0752
Vulnerability from csaf_redhat
Published
2023-02-14 09:10
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0752", url: "https://access.redhat.com/errata/RHSA-2023:0752", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0752.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:01:19+00:00", generator: { date: "2024-11-22T21:01:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0752", initial_release_date: "2023-02-14T09:10:02+00:00", revision_history: [ { date: "2023-02-14T09:10:02+00:00", number: "1", summary: "Initial version", }, { date: "2023-02-14T09:10:02+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:01:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 9)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.06-46.el9_1.3.src", product: { name: "grub2-1:2.06-46.el9_1.3.src", product_id: "grub2-1:2.06-46.el9_1.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.06-46.el9_1.3?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-common-1:2.06-46.el9_1.3.noarch", product_id: "grub2-common-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", product: { name: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", product_id: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.06-46.el9_1.3?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-pc-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-pc-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-46.el9_1.3?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.06-46.el9_1.3.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", }, product_reference: "grub2-1:2.06-46.el9_1.3.src", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-common-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-debugsource-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-debugsource-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-pc-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-pc-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", relates_to_product_reference: "BaseOS-9.1.0.Z.MAIN", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-02-14T09:10:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0752", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-02-14T09:10:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0752", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.1.0.Z.MAIN:grub2-1:2.06-46.el9_1.3.src", "BaseOS-9.1.0.Z.MAIN:grub2-common-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-debugsource-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-aa64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-efi-x64-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-emu-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-pc-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-ppc64le-modules-1:2.06-46.el9_1.3.noarch", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-1:2.06-46.el9_1.3.x86_64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.aarch64", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.ppc64le", "BaseOS-9.1.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.06-46.el9_1.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2023:0048
Vulnerability from csaf_redhat
Published
2023-01-09 14:50
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* [RHEL8.6][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2108049)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [RHEL8.6][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2108049)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0048", url: "https://access.redhat.com/errata/RHSA-2023:0048", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0048.json", }, ], title: "Red Hat Security Advisory: grub2 security and bug fix update", tracking: { current_release_date: "2024-11-22T21:00:49+00:00", generator: { date: "2024-11-22T21:00:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0048", initial_release_date: "2023-01-09T14:50:55+00:00", revision_history: [ { date: "2023-01-09T14:50:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-09T14:50:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.6::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-123.el8_6.12.src", product: { name: "grub2-1:2.02-123.el8_6.12.src", product_id: "grub2-1:2.02-123.el8_6.12.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-123.el8_6.12?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-common-1:2.02-123.el8_6.12.noarch", product_id: "grub2-common-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", product_id: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-123.el8_6.12?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-pc-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-pc-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-123.el8_6.12?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-123.el8_6.12.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", }, product_reference: "grub2-1:2.02-123.el8_6.12.src", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-common-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-debugsource-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-debugsource-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-pc-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-pc-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:50:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0048", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:50:55+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0048", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.6.0.Z.EUS:grub2-1:2.02-123.el8_6.12.src", "BaseOS-8.6.0.Z.EUS:grub2-common-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-debugsource-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-efi-x64-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-pc-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-pc-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-ppc64le-modules-1:2.02-123.el8_6.12.noarch", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.aarch64", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.ppc64le", "BaseOS-8.6.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-123.el8_6.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2023:0047
Vulnerability from csaf_redhat
Published
2023-01-09 14:51
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0047", url: "https://access.redhat.com/errata/RHSA-2023:0047", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0047.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:00:58+00:00", generator: { date: "2024-11-22T21:00:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0047", initial_release_date: "2023-01-09T14:51:08+00:00", revision_history: [ { date: "2023-01-09T14:51:08+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-09T14:51:08+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.4::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-99.el8_4.10.src", product: { name: "grub2-1:2.02-99.el8_4.10.src", product_id: "grub2-1:2.02-99.el8_4.10.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-99.el8_4.10?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-common-1:2.02-99.el8_4.10.noarch", product_id: "grub2-common-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-pc-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-pc-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-99.el8_4.10.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", }, product_reference: "grub2-1:2.02-99.el8_4.10.src", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-common-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-pc-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:51:08+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:51:08+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2024_2002
Vulnerability from csaf_redhat
Published
2024-04-23 16:44
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2002", url: "https://access.redhat.com/errata/RHSA-2024:2002", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "RHEL-23460", url: "https://issues.redhat.com/browse/RHEL-23460", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2002.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:01:25+00:00", generator: { date: "2024-11-22T21:01:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:2002", initial_release_date: "2024-04-23T16:44:09+00:00", revision_history: [ { date: "2024-04-23T16:44:09+00:00", number: "1", summary: "Initial version", }, { date: "2024-04-23T16:44:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:01:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.src", product: { name: "grub2-1:2.02-0.87.el7_9.14.src", product_id: "grub2-1:2.02-0.87.el7_9.14.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-0.87.el7_9.14?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-common-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", product_id: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-0.87.el7_9.14?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", product: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", product_id: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-0.87.el7_9.14?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", product: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", product_id: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-0.87.el7_9.14?arch=ppc64&epoch=1", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Client-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Server-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.src", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-common-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-pc-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", relates_to_product_reference: "7Workstation-optional-7.9.Z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-04-23T16:44:09+00:00", details: "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2002", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Client-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Client-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7ComputeNode-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7ComputeNode-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Server-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Server-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.src", "7Workstation-optional-7.9.Z:grub2-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-common-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-debuginfo-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-aa64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-ia32-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-ia32-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-efi-x64-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-cdboot-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-efi-x64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-pc-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-pc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-ppc64-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-ppc64le-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-ppc64le-modules-1:2.02-0.87.el7_9.14.noarch", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-extra-1:2.02-0.87.el7_9.14.x86_64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.ppc64le", "7Workstation-optional-7.9.Z:grub2-tools-minimal-1:2.02-0.87.el7_9.14.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, ], }
RHSA-2023:0049
Vulnerability from csaf_redhat
Published
2023-01-09 14:47
Modified
2024-11-22 21:01
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0049", url: "https://access.redhat.com/errata/RHSA-2023:0049", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0049.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:01:09+00:00", generator: { date: "2024-11-22T21:01:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0049", initial_release_date: "2023-01-09T14:47:07+00:00", revision_history: [ { date: "2023-01-09T14:47:07+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-09T14:47:07+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:01:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-142.el8_7.1.src", product: { name: "grub2-1:2.02-142.el8_7.1.src", product_id: "grub2-1:2.02-142.el8_7.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-142.el8_7.1?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-common-1:2.02-142.el8_7.1.noarch", product_id: "grub2-common-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", product_id: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-142.el8_7.1?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-pc-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-pc-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-142.el8_7.1?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-142.el8_7.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", }, product_reference: "grub2-1:2.02-142.el8_7.1.src", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-common-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-debugsource-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-debugsource-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-pc-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-pc-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", relates_to_product_reference: "BaseOS-8.7.0.Z.MAIN", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:47:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:47:07+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.7.0.Z.MAIN:grub2-1:2.02-142.el8_7.1.src", "BaseOS-8.7.0.Z.MAIN:grub2-common-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-debugsource-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-cdboot-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-aa64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-ia32-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-cdboot-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-efi-x64-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-pc-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-pc-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-ppc64le-modules-1:2.02-142.el8_7.1.noarch", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-efi-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-extra-debuginfo-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-1:2.02-142.el8_7.1.x86_64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.aarch64", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.ppc64le", "BaseOS-8.7.0.Z.MAIN:grub2-tools-minimal-debuginfo-1:2.02-142.el8_7.1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2022_8494
Vulnerability from csaf_redhat
Published
2022-11-16 10:51
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8494", url: "https://access.redhat.com/errata/RHSA-2022:8494", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8494.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:00:24+00:00", generator: { date: "2024-11-22T21:00:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8494", initial_release_date: "2022-11-16T10:51:10+00:00", revision_history: [ { date: "2022-11-16T10:51:10+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-16T10:51:10+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product: { name: "Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_e4s:8.1::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-87.el8_1.11.src", product: { name: "grub2-1:2.02-87.el8_1.11.src", product_id: "grub2-1:2.02-87.el8_1.11.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-87.el8_1.11?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-common-1:2.02-87.el8_1.11.noarch", product_id: "grub2-common-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", product_id: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-87.el8_1.11?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-pc-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-pc-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1.11?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1.11?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-87.el8_1.11.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", }, product_reference: "grub2-1:2.02-87.el8_1.11.src", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-common-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-debugsource-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-pc-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-pc-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.1)", product_id: "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", relates_to_product_reference: "BaseOS-8.1.0.Z.E4S", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-16T10:51:10+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8494", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-16T10:51:10+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8494", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.1.0.Z.E4S:grub2-1:2.02-87.el8_1.11.src", "BaseOS-8.1.0.Z.E4S:grub2-common-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-debugsource-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-aa64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-ia32-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-cdboot-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-efi-x64-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-pc-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-pc-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-ppc64le-modules-1:2.02-87.el8_1.11.noarch", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-1:2.02-87.el8_1.11.x86_64", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.ppc64le", "BaseOS-8.1.0.Z.E4S:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.11.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
rhsa-2022_8978
Vulnerability from csaf_redhat
Published
2022-12-13 16:11
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104)
* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358)
* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434)
* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm: swapper/0 Not tainted (BZ#2130104)\n\n* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after copying the signed grub to prep partition (BZ#2134358)\n\n* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c / 64TB - 192 decimal is the biggest partition min value Linux can handle? (BZ#2134434)\n\n* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8978", url: "https://access.redhat.com/errata/RHSA-2022:8978", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8978.json", }, ], title: "Red Hat Security Advisory: grub2 security and bug fix update", tracking: { current_release_date: "2024-11-22T21:00:41+00:00", generator: { date: "2024-11-22T21:00:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8978", initial_release_date: "2022-12-13T16:11:40+00:00", revision_history: [ { date: "2022-12-13T16:11:40+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T16:11:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:9.0::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.06-27.el9_0.12.src", product: { name: "grub2-1:2.06-27.el9_0.12.src", product_id: "grub2-1:2.06-27.el9_0.12.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.06-27.el9_0.12?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-common-1:2.06-27.el9_0.12.noarch", product_id: "grub2-common-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", product: { name: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", product_id: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.06-27.el9_0.12?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-pc-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-pc-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-27.el9_0.12?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.06-27.el9_0.12.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", }, product_reference: "grub2-1:2.06-27.el9_0.12.src", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-common-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-debugsource-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-debugsource-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-pc-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-pc-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.0)", product_id: "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", relates_to_product_reference: "BaseOS-9.0.0.Z.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T16:11:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8978", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T16:11:40+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8978", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-9.0.0.Z.EUS:grub2-1:2.06-27.el9_0.12.src", "BaseOS-9.0.0.Z.EUS:grub2-common-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-debugsource-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-efi-aa64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-cdboot-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-efi-x64-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-emu-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-pc-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-ppc64le-modules-1:2.06-27.el9_0.12.noarch", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-1:2.06-27.el9_0.12.x86_64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.aarch64", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.ppc64le", "BaseOS-9.0.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.06-27.el9_0.12.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
RHSA-2023:0047
Vulnerability from csaf_redhat
Published
2023-01-09 14:51
Modified
2024-11-22 21:00
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grub2 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0047", url: "https://access.redhat.com/errata/RHSA-2023:0047", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0047.json", }, ], title: "Red Hat Security Advisory: grub2 security update", tracking: { current_release_date: "2024-11-22T21:00:58+00:00", generator: { date: "2024-11-22T21:00:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:0047", initial_release_date: "2023-01-09T14:51:08+00:00", revision_history: [ { date: "2023-01-09T14:51:08+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-09T14:51:08+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:00:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.4::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grub2-1:2.02-99.el8_4.10.src", product: { name: "grub2-1:2.02-99.el8_4.10.src", product_id: "grub2-1:2.02-99.el8_4.10.src", product_identification_helper: { purl: "pkg:rpm/redhat/grub2@2.02-99.el8_4.10?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grub2-common-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-common-1:2.02-99.el8_4.10.noarch", product_id: "grub2-common-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-common@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", product: { name: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", product_id: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-99.el8_4.10?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-pc-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-pc-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-pc-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-pc@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", product_id: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-ppc64le@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debugsource@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", product: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_id: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-99.el8_4.10?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-1:2.02-99.el8_4.10.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", }, product_reference: "grub2-1:2.02-99.el8_4.10.src", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-common-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-common-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-debugsource-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-debugsource-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-pc-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-pc-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", }, product_reference: "grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.4)", product_id: "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", }, product_reference: "grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", relates_to_product_reference: "BaseOS-8.4.0.Z.EUS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Zhang Boyang", ], }, ], cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2112975", }, ], notes: [ { category: "description", text: "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", title: "Vulnerability summary", }, { category: "other", text: "Grub code needs to be updated after installing the relevant RPM.\n\nFor RHEL systems installed on machines with EFI based BIOS : sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg\nFor RHEL systems installed on machines with legacy (msdos) based BIOS : sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nFor BIOS based systems, after completing yum update, grub2-install needs to be run against the device where the boot partition is, for example, grub2-install /dev/vda.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "RHBZ#2112975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2601", url: "https://www.cve.org/CVERecord?id=CVE-2022-2601", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:51:08+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass", }, { acknowledgments: [ { names: [ "Daniel Axtens", ], }, ], cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138880", }, ], notes: [ { category: "description", text: "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "RHBZ#2138880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3775", url: "https://www.cve.org/CVERecord?id=CVE-2022-3775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3775", }, { category: "external", summary: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", url: "https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-09T14:51:08+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "BaseOS-8.4.0.Z.EUS:grub2-1:2.02-99.el8_4.10.src", "BaseOS-8.4.0.Z.EUS:grub2-common-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-debugsource-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-efi-x64-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-pc-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-pc-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-ppc64le-modules-1:2.02-99.el8_4.10.noarch", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-1:2.02-99.el8_4.10.x86_64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.aarch64", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.ppc64le", "BaseOS-8.4.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-99.el8_4.10.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grub2: Heap based out-of-bounds write when redering certain unicode sequences", }, ], }
WID-SEC-W-2022-2058
Vulnerability from csaf_certbund
Published
2022-11-15 23:00
Modified
2024-07-24 22:00
Summary
Grub2: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Grub ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein lokaler Angreifer kann mehrere Schwachstellen in Grub ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder einen Denial of Service zu verursachen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-2058 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2058.json", }, { category: "self", summary: "WID-SEC-2022-2058 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2058", }, { category: "external", summary: "RedHat Security Advisory vom 2022-11-15", url: "https://access.redhat.com/errata/RHSA-2022:8494", }, { category: "external", summary: "Debian Security Advisory DLA-3190 vom 2022-11-16", url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00018.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4143-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013046.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4142-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013044.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4141-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013048.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4144-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013042.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4140-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013041.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4219-1 vom 2022-11-25", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013113.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4218-1 vom 2022-11-25", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013111.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4302-1 vom 2022-12-01", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013179.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8800 vom 2022-12-06", url: "https://access.redhat.com/errata/RHSA-2022:8800", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8978 vom 2022-12-13", url: "https://access.redhat.com/errata/RHSA-2022:8978", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0047 vom 2023-01-09", url: "https://access.redhat.com/errata/RHSA-2023:0047", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0048 vom 2023-01-09", url: "https://access.redhat.com/errata/RHSA-2023:0048", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0049 vom 2023-01-09", url: "https://access.redhat.com/errata/RHSA-2023:0049", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-12019 vom 2023-01-12", url: "http://linux.oracle.com/errata/ELSA-2023-12019.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-0049 vom 2023-01-25", url: "http://linux.oracle.com/errata/ELSA-2023-0049.html", }, { category: "external", summary: "Debian Security Advisory DLA-3312 vom 2023-02-08", url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00006.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0752 vom 2023-02-14", url: "https://access.redhat.com/errata/RHSA-2023:0752", }, { category: "external", summary: "IBM Security Bulletin 6965816 vom 2023-03-24", url: "https://www.ibm.com/support/pages/node/6965816", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:1701-1 vom 2023-03-30", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014265.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-0752 vom 2023-06-13", url: "https://linux.oracle.com/errata/ELSA-2023-0752.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-2146 vom 2023-07-20", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2146.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6355-1 vom 2023-09-08", url: "https://ubuntu.com/security/notices/USN-6355-1", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-283 vom 2024-01-23", url: "https://alas.aws.amazon.com/AL2022/ALAS-2023-283.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202311-14 vom 2023-11-25", url: "https://security.gentoo.org/glsa/202311-14", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2002 vom 2024-04-23", url: "https://access.redhat.com/errata/RHSA-2024:2002", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3184 vom 2024-05-28", url: "https://linux.oracle.com/errata/ELSA-2024-3184.html", }, { category: "external", summary: "CentOS Security Advisory CESA-2024:2002 vom 2024-06-06", url: "https://lwn.net/Articles/973019", }, { category: "external", summary: "IBM Security Bulletin 7161468 vom 2024-07-24", url: "https://www.ibm.com/support/pages/node/7161468", }, ], source_lang: "en-US", title: "Grub2: Mehrere Schwachstellen", tracking: { current_release_date: "2024-07-24T22:00:00.000+00:00", generator: { date: "2024-08-15T17:38:05.991+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-2058", initial_release_date: "2022-11-15T23:00:00.000+00:00", revision_history: [ { date: "2022-11-15T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-11-16T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Debian aufgenommen", }, { date: "2022-11-21T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-11-22T23:00:00.000+00:00", number: "4", summary: "Referenz(en) aufgenommen: FEDORA-2022-3130C677B4, FEDORA-2022-9B03E69561", }, { date: "2022-11-23T23:00:00.000+00:00", number: "5", summary: "Referenz(en) aufgenommen: FEDORA-2022-7CE9378E90, FEDORA-2022-F86E203BAF", }, { date: "2022-11-27T23:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-12-01T23:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-12-06T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-12-13T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-01-09T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-01-12T23:00:00.000+00:00", number: "11", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-01-25T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-02-08T23:00:00.000+00:00", number: "13", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-02-14T23:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-03-23T23:00:00.000+00:00", number: "15", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-03-30T22:00:00.000+00:00", number: "16", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-06-13T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-07-19T22:00:00.000+00:00", number: "18", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-09-07T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-11-26T23:00:00.000+00:00", number: "20", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-01-22T23:00:00.000+00:00", number: "21", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-04-23T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-28T22:00:00.000+00:00", number: "23", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-06-05T22:00:00.000+00:00", number: "24", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2024-07-24T22:00:00.000+00:00", number: "25", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "25", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "11.5", product: { name: "IBM Security Guardium 11.5", product_id: "1411051", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:11.5", }, }, }, ], category: "product_name", name: "Security Guardium", }, { branches: [ { category: "product_version_range", name: "<10.1.14", product: { name: "IBM Spectrum Protect <10.1.14", product_id: "T026783", }, }, ], category: "product_name", name: "Spectrum Protect", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { branches: [ { category: "product_version", name: "2", product: { name: "Open Source Grub 2", product_id: "T015539", product_identification_helper: { cpe: "cpe:/a:gnu:grub:2", }, }, }, ], category: "product_name", name: "Grub", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Grub2. Ein Pufferüberlauf in \"grub_font_construct_glyph()\" kann zu einem Out-of-Bound-Schreiben und einer möglichen Umgehung des Secure Boot führen. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen", }, ], product_status: { known_affected: [ "2951", "T002207", "T015539", "67646", "T000126", "398363", "T012167", "1727", "T004914", "T026783", "1411051", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Grub. Beim Rendern bestimmter Unicode-Sequenzen werden die Schriftbreite und -höhe nicht richtig validiert. Diese Werte werden weiter verwendet, um auf den Schriftpuffer zuzugreifen, was zu Out-of-Bounds-Writes führen kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren oder einen Denial of Service zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T015539", "67646", "T000126", "398363", "T012167", "1727", "T004914", "T026783", "1411051", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-3775", }, ], }
wid-sec-w-2024-1835
Vulnerability from csaf_certbund
Published
2024-08-13 22:00
Modified
2024-08-26 22:00
Summary
Microsoft Windows: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Windows ist ein Betriebssystem von Microsoft.
Windows Server 2016 ist ein Betriebssystem von Microsoft.
Windows Server 2019 ist ein Betriebssystem von Microsoft.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Windows
{ document: { aggregate_severity: { text: "kritisch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Windows ist ein Betriebssystem von Microsoft.\r\nWindows Server 2016 ist ein Betriebssystem von Microsoft.\r\nWindows Server 2019 ist ein Betriebssystem von Microsoft.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", title: "Angriff", }, { category: "general", text: "- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1835 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1835.json", }, { category: "self", summary: "WID-SEC-2024-1835 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1835", }, { category: "external", summary: "Microsoft Leitfaden für Sicherheitsupdates vom 2024-08-13", url: "https://msrc.microsoft.com/update-guide", }, { category: "external", summary: "PoC CVE-2024-38063 vom 2024-08-26", url: "https://github.com/ynwarcs/CVE-2024-38063", }, ], source_lang: "en-US", title: "Microsoft Windows: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-26T22:00:00.000+00:00", generator: { date: "2024-08-27T08:07:19.027+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2024-1835", initial_release_date: "2024-08-13T22:00:00.000+00:00", revision_history: [ { date: "2024-08-13T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-08-26T22:00:00.000+00:00", number: "2", summary: "PoC für CVE-2024-38063 verfügbar", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "Remote Desktop client for Desktop", product: { name: "Microsoft Windows Remote Desktop client for Desktop", product_id: "T023160", product_identification_helper: { cpe: "cpe:/o:microsoft:windows:remote_desktop_client_for_desktop", }, }, }, ], category: "product_name", name: "Windows", }, { branches: [ { category: "product_version", name: "Version 1607", product: { name: "Microsoft Windows 10 Version 1607", product_id: "T011520", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:version_1607", }, }, }, { category: "product_version", name: "Version 21H2", product: { name: "Microsoft Windows 10 Version 21H2", product_id: "T021306", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:version_21h2", }, }, }, { category: "product_version", name: "Version 22H2", product: { name: "Microsoft Windows 10 Version 22H2", product_id: "T025256", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:version_22h2", }, }, }, { category: "product_name", name: "Microsoft Windows 10", product: { name: "Microsoft Windows 10", product_id: "T025566", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:windows_terminal", }, }, }, { category: "product_version", name: "Version 1809", product: { name: "Microsoft Windows 10 Version 1809", product_id: "T034033", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:version_1809", }, }, }, ], category: "product_name", name: "Windows 10", }, { branches: [ { category: "product_version", name: "Version 24H2", product: { name: "Microsoft Windows 11 Version 24H2", product_id: "T025567", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_11:windows_terminal", }, }, }, { category: "product_version", name: "Version 23H2", product: { name: "Microsoft Windows 11 Version 23H2", product_id: "T031172", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_11:version_23h2", }, }, }, { category: "product_version", name: "Version 22H2", product: { name: "Microsoft Windows 11 Version 22H2", product_id: "T034034", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_11:version_22h2", }, }, }, { category: "product_version_range", name: "version 21H2", product: { name: "Microsoft Windows 11 version 21H2", product_id: "T034035", }, }, ], category: "product_name", name: "Windows 11", }, { branches: [ { category: "product_version", name: "2008 SP2", product: { name: "Microsoft Windows Server 2008 SP2", product_id: "T012853", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server:2008_sp2", }, }, }, { category: "product_version", name: "2008 R2 SP1", product: { name: "Microsoft Windows Server 2008 R2 SP1", product_id: "T012855", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server:2008_r2_sp1", }, }, }, ], category: "product_name", name: "Windows Server", }, { category: "product_name", name: "Microsoft Windows Server 2012", product: { name: "Microsoft Windows Server 2012", product_id: "T006125", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2012:::server_core_installation", }, }, }, { category: "product_name", name: "Microsoft Windows Server 2012 R2", product: { name: "Microsoft Windows Server 2012 R2", product_id: "T014786", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2012_r2:-", }, }, }, { category: "product_name", name: "Microsoft Windows Server 2016", product: { name: "Microsoft Windows Server 2016", product_id: "T010224", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2016:server_2016::server_core_installation", }, }, }, { category: "product_name", name: "Microsoft Windows Server 2019", product: { name: "Microsoft Windows Server 2019", product_id: "T014557", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2019:server_core_installation", }, }, }, { branches: [ { category: "product_name", name: "Microsoft Windows Server 2022", product: { name: "Microsoft Windows Server 2022", product_id: "T025255", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2022:datacenter_azure_edition", }, }, }, { category: "product_version", name: "23H2 Edition", product: { name: "Microsoft Windows Server 2022 23H2 Edition", product_id: "T034036", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2022:23h2_edition", }, }, }, ], category: "product_name", name: "Windows Server 2022", }, ], category: "vendor", name: "Microsoft", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2022-3775", }, { cve: "CVE-2023-40547", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2023-40547", }, { cve: "CVE-2024-29995", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-29995", }, { cve: "CVE-2024-37968", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-37968", }, { cve: "CVE-2024-38063", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38063", }, { cve: "CVE-2024-38106", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38106", }, { cve: "CVE-2024-38107", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38107", }, { cve: "CVE-2024-38114", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38114", }, { cve: "CVE-2024-38115", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38115", }, { cve: "CVE-2024-38116", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38116", }, { cve: "CVE-2024-38117", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38117", }, { cve: "CVE-2024-38118", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38118", }, { cve: "CVE-2024-38120", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38120", }, { cve: "CVE-2024-38121", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38121", }, { cve: "CVE-2024-38122", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38122", }, { cve: "CVE-2024-38123", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38123", }, { cve: "CVE-2024-38125", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38125", }, { cve: "CVE-2024-38126", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38126", }, { cve: "CVE-2024-38127", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38127", }, { cve: "CVE-2024-38128", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38128", }, { cve: "CVE-2024-38130", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38130", }, { cve: "CVE-2024-38131", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38131", }, { cve: "CVE-2024-38132", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38132", }, { cve: "CVE-2024-38133", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38133", }, { cve: "CVE-2024-38134", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38134", }, { cve: "CVE-2024-38135", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38135", }, { cve: "CVE-2024-38136", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38136", }, { cve: "CVE-2024-38137", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38137", }, { cve: "CVE-2024-38138", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38138", }, { cve: "CVE-2024-38140", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38140", }, { cve: "CVE-2024-38141", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38141", }, { cve: "CVE-2024-38142", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38142", }, { cve: "CVE-2024-38143", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38143", }, { cve: "CVE-2024-38144", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38144", }, { cve: "CVE-2024-38145", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38145", }, { cve: "CVE-2024-38146", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38146", }, { cve: "CVE-2024-38147", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38147", }, { cve: "CVE-2024-38148", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38148", }, { cve: "CVE-2024-38150", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38150", }, { cve: "CVE-2024-38151", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38151", }, { cve: "CVE-2024-38152", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38152", }, { cve: "CVE-2024-38153", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38153", }, { cve: "CVE-2024-38154", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38154", }, { cve: "CVE-2024-38155", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38155", }, { cve: "CVE-2024-38159", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38159", }, { cve: "CVE-2024-38160", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38160", }, { cve: "CVE-2024-38161", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38161", }, { cve: "CVE-2024-38163", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38163", }, { cve: "CVE-2024-38165", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38165", }, { cve: "CVE-2024-38178", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38178", }, { cve: "CVE-2024-38180", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38180", }, { cve: "CVE-2024-38184", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38184", }, { cve: "CVE-2024-38185", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38185", }, { cve: "CVE-2024-38186", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38186", }, { cve: "CVE-2024-38187", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38187", }, { cve: "CVE-2024-38191", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38191", }, { cve: "CVE-2024-38193", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38193", }, { cve: "CVE-2024-38196", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38196", }, { cve: "CVE-2024-38198", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38198", }, { cve: "CVE-2024-38199", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38199", }, { cve: "CVE-2024-38213", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38213", }, { cve: "CVE-2024-38214", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38214", }, { cve: "CVE-2024-38215", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38215", }, { cve: "CVE-2024-38223", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38223", }, ], }
wid-sec-w-2022-2058
Vulnerability from csaf_certbund
Published
2022-11-15 23:00
Modified
2024-07-24 22:00
Summary
Grub2: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Grub ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein lokaler Angreifer kann mehrere Schwachstellen in Grub ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder einen Denial of Service zu verursachen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-2058 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2058.json", }, { category: "self", summary: "WID-SEC-2022-2058 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2058", }, { category: "external", summary: "RedHat Security Advisory vom 2022-11-15", url: "https://access.redhat.com/errata/RHSA-2022:8494", }, { category: "external", summary: "Debian Security Advisory DLA-3190 vom 2022-11-16", url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00018.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4143-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013046.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4142-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013044.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4141-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013048.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4144-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013042.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4140-1 vom 2022-11-21", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013041.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4219-1 vom 2022-11-25", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013113.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4218-1 vom 2022-11-25", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013111.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:4302-1 vom 2022-12-01", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013179.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8800 vom 2022-12-06", url: "https://access.redhat.com/errata/RHSA-2022:8800", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8978 vom 2022-12-13", url: "https://access.redhat.com/errata/RHSA-2022:8978", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0047 vom 2023-01-09", url: "https://access.redhat.com/errata/RHSA-2023:0047", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0048 vom 2023-01-09", url: "https://access.redhat.com/errata/RHSA-2023:0048", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0049 vom 2023-01-09", url: "https://access.redhat.com/errata/RHSA-2023:0049", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-12019 vom 2023-01-12", url: "http://linux.oracle.com/errata/ELSA-2023-12019.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-0049 vom 2023-01-25", url: "http://linux.oracle.com/errata/ELSA-2023-0049.html", }, { category: "external", summary: "Debian Security Advisory DLA-3312 vom 2023-02-08", url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00006.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0752 vom 2023-02-14", url: "https://access.redhat.com/errata/RHSA-2023:0752", }, { category: "external", summary: "IBM Security Bulletin 6965816 vom 2023-03-24", url: "https://www.ibm.com/support/pages/node/6965816", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:1701-1 vom 2023-03-30", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014265.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-0752 vom 2023-06-13", url: "https://linux.oracle.com/errata/ELSA-2023-0752.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-2146 vom 2023-07-20", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2146.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6355-1 vom 2023-09-08", url: "https://ubuntu.com/security/notices/USN-6355-1", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-283 vom 2024-01-23", url: "https://alas.aws.amazon.com/AL2022/ALAS-2023-283.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202311-14 vom 2023-11-25", url: "https://security.gentoo.org/glsa/202311-14", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2002 vom 2024-04-23", url: "https://access.redhat.com/errata/RHSA-2024:2002", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3184 vom 2024-05-28", url: "https://linux.oracle.com/errata/ELSA-2024-3184.html", }, { category: "external", summary: "CentOS Security Advisory CESA-2024:2002 vom 2024-06-06", url: "https://lwn.net/Articles/973019", }, { category: "external", summary: "IBM Security Bulletin 7161468 vom 2024-07-24", url: "https://www.ibm.com/support/pages/node/7161468", }, ], source_lang: "en-US", title: "Grub2: Mehrere Schwachstellen", tracking: { current_release_date: "2024-07-24T22:00:00.000+00:00", generator: { date: "2024-08-15T17:38:05.991+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-2058", initial_release_date: "2022-11-15T23:00:00.000+00:00", revision_history: [ { date: "2022-11-15T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-11-16T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Debian aufgenommen", }, { date: "2022-11-21T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-11-22T23:00:00.000+00:00", number: "4", summary: "Referenz(en) aufgenommen: FEDORA-2022-3130C677B4, FEDORA-2022-9B03E69561", }, { date: "2022-11-23T23:00:00.000+00:00", number: "5", summary: "Referenz(en) aufgenommen: FEDORA-2022-7CE9378E90, FEDORA-2022-F86E203BAF", }, { date: "2022-11-27T23:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-12-01T23:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-12-06T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-12-13T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-01-09T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-01-12T23:00:00.000+00:00", number: "11", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-01-25T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-02-08T23:00:00.000+00:00", number: "13", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-02-14T23:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-03-23T23:00:00.000+00:00", number: "15", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-03-30T22:00:00.000+00:00", number: "16", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-06-13T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-07-19T22:00:00.000+00:00", number: "18", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-09-07T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2023-11-26T23:00:00.000+00:00", number: "20", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-01-22T23:00:00.000+00:00", number: "21", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-04-23T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-28T22:00:00.000+00:00", number: "23", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-06-05T22:00:00.000+00:00", number: "24", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2024-07-24T22:00:00.000+00:00", number: "25", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "25", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "11.5", product: { name: "IBM Security Guardium 11.5", product_id: "1411051", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:11.5", }, }, }, ], category: "product_name", name: "Security Guardium", }, { branches: [ { category: "product_version_range", name: "<10.1.14", product: { name: "IBM Spectrum Protect <10.1.14", product_id: "T026783", }, }, ], category: "product_name", name: "Spectrum Protect", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { branches: [ { category: "product_version", name: "2", product: { name: "Open Source Grub 2", product_id: "T015539", product_identification_helper: { cpe: "cpe:/a:gnu:grub:2", }, }, }, ], category: "product_name", name: "Grub", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Grub2. Ein Pufferüberlauf in \"grub_font_construct_glyph()\" kann zu einem Out-of-Bound-Schreiben und einer möglichen Umgehung des Secure Boot führen. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen", }, ], product_status: { known_affected: [ "2951", "T002207", "T015539", "67646", "T000126", "398363", "T012167", "1727", "T004914", "T026783", "1411051", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Grub. Beim Rendern bestimmter Unicode-Sequenzen werden die Schriftbreite und -höhe nicht richtig validiert. Diese Werte werden weiter verwendet, um auf den Schriftpuffer zuzugreifen, was zu Out-of-Bounds-Writes führen kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren oder einen Denial of Service zu verursachen.", }, ], product_status: { known_affected: [ "2951", "T002207", "T015539", "67646", "T000126", "398363", "T012167", "1727", "T004914", "T026783", "1411051", ], }, release_date: "2022-11-15T23:00:00.000+00:00", title: "CVE-2022-3775", }, ], }
WID-SEC-W-2024-1835
Vulnerability from csaf_certbund
Published
2024-08-13 22:00
Modified
2024-08-26 22:00
Summary
Microsoft Windows: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Windows ist ein Betriebssystem von Microsoft.
Windows Server 2016 ist ein Betriebssystem von Microsoft.
Windows Server 2019 ist ein Betriebssystem von Microsoft.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Windows
{ document: { aggregate_severity: { text: "kritisch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Windows ist ein Betriebssystem von Microsoft.\r\nWindows Server 2016 ist ein Betriebssystem von Microsoft.\r\nWindows Server 2019 ist ein Betriebssystem von Microsoft.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", title: "Angriff", }, { category: "general", text: "- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1835 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1835.json", }, { category: "self", summary: "WID-SEC-2024-1835 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1835", }, { category: "external", summary: "Microsoft Leitfaden für Sicherheitsupdates vom 2024-08-13", url: "https://msrc.microsoft.com/update-guide", }, { category: "external", summary: "PoC CVE-2024-38063 vom 2024-08-26", url: "https://github.com/ynwarcs/CVE-2024-38063", }, ], source_lang: "en-US", title: "Microsoft Windows: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-26T22:00:00.000+00:00", generator: { date: "2024-08-27T08:07:19.027+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2024-1835", initial_release_date: "2024-08-13T22:00:00.000+00:00", revision_history: [ { date: "2024-08-13T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-08-26T22:00:00.000+00:00", number: "2", summary: "PoC für CVE-2024-38063 verfügbar", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "Remote Desktop client for Desktop", product: { name: "Microsoft Windows Remote Desktop client for Desktop", product_id: "T023160", product_identification_helper: { cpe: "cpe:/o:microsoft:windows:remote_desktop_client_for_desktop", }, }, }, ], category: "product_name", name: "Windows", }, { branches: [ { category: "product_version", name: "Version 1607", product: { name: "Microsoft Windows 10 Version 1607", product_id: "T011520", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:version_1607", }, }, }, { category: "product_version", name: "Version 21H2", product: { name: "Microsoft Windows 10 Version 21H2", product_id: "T021306", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:version_21h2", }, }, }, { category: "product_version", name: "Version 22H2", product: { name: "Microsoft Windows 10 Version 22H2", product_id: "T025256", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:version_22h2", }, }, }, { category: "product_name", name: "Microsoft Windows 10", product: { name: "Microsoft Windows 10", product_id: "T025566", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:windows_terminal", }, }, }, { category: "product_version", name: "Version 1809", product: { name: "Microsoft Windows 10 Version 1809", product_id: "T034033", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_10:version_1809", }, }, }, ], category: "product_name", name: "Windows 10", }, { branches: [ { category: "product_version", name: "Version 24H2", product: { name: "Microsoft Windows 11 Version 24H2", product_id: "T025567", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_11:windows_terminal", }, }, }, { category: "product_version", name: "Version 23H2", product: { name: "Microsoft Windows 11 Version 23H2", product_id: "T031172", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_11:version_23h2", }, }, }, { category: "product_version", name: "Version 22H2", product: { name: "Microsoft Windows 11 Version 22H2", product_id: "T034034", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_11:version_22h2", }, }, }, { category: "product_version_range", name: "version 21H2", product: { name: "Microsoft Windows 11 version 21H2", product_id: "T034035", }, }, ], category: "product_name", name: "Windows 11", }, { branches: [ { category: "product_version", name: "2008 SP2", product: { name: "Microsoft Windows Server 2008 SP2", product_id: "T012853", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server:2008_sp2", }, }, }, { category: "product_version", name: "2008 R2 SP1", product: { name: "Microsoft Windows Server 2008 R2 SP1", product_id: "T012855", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server:2008_r2_sp1", }, }, }, ], category: "product_name", name: "Windows Server", }, { category: "product_name", name: "Microsoft Windows Server 2012", product: { name: "Microsoft Windows Server 2012", product_id: "T006125", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2012:::server_core_installation", }, }, }, { category: "product_name", name: "Microsoft Windows Server 2012 R2", product: { name: "Microsoft Windows Server 2012 R2", product_id: "T014786", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2012_r2:-", }, }, }, { category: "product_name", name: "Microsoft Windows Server 2016", product: { name: "Microsoft Windows Server 2016", product_id: "T010224", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2016:server_2016::server_core_installation", }, }, }, { category: "product_name", name: "Microsoft Windows Server 2019", product: { name: "Microsoft Windows Server 2019", product_id: "T014557", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2019:server_core_installation", }, }, }, { branches: [ { category: "product_name", name: "Microsoft Windows Server 2022", product: { name: "Microsoft Windows Server 2022", product_id: "T025255", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2022:datacenter_azure_edition", }, }, }, { category: "product_version", name: "23H2 Edition", product: { name: "Microsoft Windows Server 2022 23H2 Edition", product_id: "T034036", product_identification_helper: { cpe: "cpe:/o:microsoft:windows_server_2022:23h2_edition", }, }, }, ], category: "product_name", name: "Windows Server 2022", }, ], category: "vendor", name: "Microsoft", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2022-3775", }, { cve: "CVE-2023-40547", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2023-40547", }, { cve: "CVE-2024-29995", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-29995", }, { cve: "CVE-2024-37968", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-37968", }, { cve: "CVE-2024-38063", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38063", }, { cve: "CVE-2024-38106", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38106", }, { cve: "CVE-2024-38107", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38107", }, { cve: "CVE-2024-38114", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38114", }, { cve: "CVE-2024-38115", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38115", }, { cve: "CVE-2024-38116", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38116", }, { cve: "CVE-2024-38117", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38117", }, { cve: "CVE-2024-38118", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38118", }, { cve: "CVE-2024-38120", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38120", }, { cve: "CVE-2024-38121", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38121", }, { cve: "CVE-2024-38122", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38122", }, { cve: "CVE-2024-38123", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38123", }, { cve: "CVE-2024-38125", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38125", }, { cve: "CVE-2024-38126", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38126", }, { cve: "CVE-2024-38127", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38127", }, { cve: "CVE-2024-38128", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38128", }, { cve: "CVE-2024-38130", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38130", }, { cve: "CVE-2024-38131", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38131", }, { cve: "CVE-2024-38132", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38132", }, { cve: "CVE-2024-38133", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38133", }, { cve: "CVE-2024-38134", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38134", }, { cve: "CVE-2024-38135", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38135", }, { cve: "CVE-2024-38136", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38136", }, { cve: "CVE-2024-38137", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38137", }, { cve: "CVE-2024-38138", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38138", }, { cve: "CVE-2024-38140", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38140", }, { cve: "CVE-2024-38141", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38141", }, { cve: "CVE-2024-38142", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38142", }, { cve: "CVE-2024-38143", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38143", }, { cve: "CVE-2024-38144", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38144", }, { cve: "CVE-2024-38145", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38145", }, { cve: "CVE-2024-38146", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38146", }, { cve: "CVE-2024-38147", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38147", }, { cve: "CVE-2024-38148", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38148", }, { cve: "CVE-2024-38150", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38150", }, { cve: "CVE-2024-38151", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38151", }, { cve: "CVE-2024-38152", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38152", }, { cve: "CVE-2024-38153", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38153", }, { cve: "CVE-2024-38154", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38154", }, { cve: "CVE-2024-38155", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38155", }, { cve: "CVE-2024-38159", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38159", }, { cve: "CVE-2024-38160", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38160", }, { cve: "CVE-2024-38161", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38161", }, { cve: "CVE-2024-38163", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38163", }, { cve: "CVE-2024-38165", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38165", }, { cve: "CVE-2024-38178", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38178", }, { cve: "CVE-2024-38180", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38180", }, { cve: "CVE-2024-38184", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38184", }, { cve: "CVE-2024-38185", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38185", }, { cve: "CVE-2024-38186", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38186", }, { cve: "CVE-2024-38187", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38187", }, { cve: "CVE-2024-38191", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38191", }, { cve: "CVE-2024-38193", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38193", }, { cve: "CVE-2024-38196", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38196", }, { cve: "CVE-2024-38198", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38198", }, { cve: "CVE-2024-38199", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38199", }, { cve: "CVE-2024-38213", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38213", }, { cve: "CVE-2024-38214", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38214", }, { cve: "CVE-2024-38215", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38215", }, { cve: "CVE-2024-38223", notes: [ { category: "description", text: "In Microsoft Windows, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016, Microsoft Windows Server 2019 und Microsoft Windows Server 2022 existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen. Für die Ausnutzung einiger dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T023160", "T006125", "T010224", "T012855", "T014557", "T012853", "T034033", "T014786", "T011520", "T031172", "T034036", "T034035", "T034034", "T021306", "T025256", "T025567", "T025566", "T025255", ], }, release_date: "2024-08-13T22:00:00.000+00:00", title: "CVE-2024-38223", }, ], }
wid-sec-w-2024-3195
Vulnerability from csaf_certbund
Published
2024-10-15 22:00
Modified
2024-10-15 22:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3195 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3195.json", }, { category: "self", summary: "WID-SEC-2024-3195 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3195", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Communications vom 2024-10-15", url: "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixCGBU", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-10-15T22:00:00.000+00:00", generator: { date: "2024-10-16T10:12:35.400+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3195", initial_release_date: "2024-10-15T22:00:00.000+00:00", revision_history: [ { date: "2024-10-15T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "9.1.1.3.0", product: { name: "Oracle Communications 9.1.1.3.0", product_id: "T027333", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.3.0", }, }, }, { category: "product_version", name: "12.6.1.0.0", product: { name: "Oracle Communications 12.6.1.0.0", product_id: "T027338", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.6.1.0.0", }, }, }, { category: "product_version", name: "5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_version", name: "15.0.0.0.0", product: { name: "Oracle Communications 15.0.0.0.0", product_id: "T032090", product_identification_helper: { cpe: "cpe:/a:oracle:communications:15.0.0.0.0", }, }, }, { category: "product_version", name: "23.4.0", product: { name: "Oracle Communications 23.4.0", product_id: "T032091", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.0", }, }, }, { category: "product_version", name: "23.4.2", product: { name: "Oracle Communications 23.4.2", product_id: "T034144", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.2", }, }, }, { category: "product_version", name: "24.1.0", product: { name: "Oracle Communications 24.1.0", product_id: "T034145", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0", }, }, }, { category: "product_version", name: "5.2", product: { name: "Oracle Communications 5.2", product_id: "T034146", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.2", }, }, }, { category: "product_version", name: "24.1.0.0.0", product: { name: "Oracle Communications 24.1.0.0.0", product_id: "T034147", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0.0.0", }, }, }, { category: "product_version", name: "23.4.3", product: { name: "Oracle Communications 23.4.3", product_id: "T036195", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.3", }, }, }, { category: "product_version", name: "23.4.4", product: { name: "Oracle Communications 23.4.4", product_id: "T036196", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.4", }, }, }, { category: "product_version_range", name: "<=24.2.0", product: { name: "Oracle Communications <=24.2.0", product_id: "T036197", }, }, { category: "product_version_range", name: "<=24.2.0", product: { name: "Oracle Communications <=24.2.0", product_id: "T036197-fixed", }, }, { category: "product_version", name: "4.1.0", product: { name: "Oracle Communications 4.1.0", product_id: "T036205", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.1.0", }, }, }, { category: "product_version", name: "4.2.0", product: { name: "Oracle Communications 4.2.0", product_id: "T036206", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.2.0", }, }, }, { category: "product_version", name: "9.2.0", product: { name: "Oracle Communications 9.2.0", product_id: "T036207", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.2.0", }, }, }, { category: "product_version", name: "9.3.0", product: { name: "Oracle Communications 9.3.0", product_id: "T036208", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.3.0", }, }, }, { category: "product_version", name: "12.11.0", product: { name: "Oracle Communications 12.11.0", product_id: "T036209", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.11.0", }, }, }, { category: "product_version", name: "9.0.1.10.0", product: { name: "Oracle Communications 9.0.1.10.0", product_id: "T038373", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.0.1.10.0", }, }, }, { category: "product_version_range", name: "<=23.4.5", product: { name: "Oracle Communications <=23.4.5", product_id: "T038375", }, }, { category: "product_version_range", name: "<=23.4.5", product: { name: "Oracle Communications <=23.4.5", product_id: "T038375-fixed", }, }, { category: "product_version", name: "24.2.1", product: { name: "Oracle Communications 24.2.1", product_id: "T038376", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.2.1", }, }, }, { category: "product_version_range", name: "<=23.4.6", product: { name: "Oracle Communications <=23.4.6", product_id: "T038377", }, }, { category: "product_version_range", name: "<=23.4.6", product: { name: "Oracle Communications <=23.4.6", product_id: "T038377-fixed", }, }, { category: "product_version", name: "24.1.1", product: { name: "Oracle Communications 24.1.1", product_id: "T038378", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.1", }, }, }, { category: "product_version", name: "24.2.2", product: { name: "Oracle Communications 24.2.2", product_id: "T038379", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.2.2", }, }, }, { category: "product_version", name: "9.1.5", product: { name: "Oracle Communications 9.1.5", product_id: "T038380", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.5", }, }, }, { category: "product_version", name: "9.1.0", product: { name: "Oracle Communications 9.1.0", product_id: "T038381", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.0", }, }, }, { category: "product_version", name: "14", product: { name: "Oracle Communications 14.0", product_id: "T038382", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0", }, }, }, { category: "product_version", name: "9.1.1.9.0", product: { name: "Oracle Communications 9.1.1.9.0", product_id: "T038383", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.9.0", }, }, }, { category: "product_version", name: "14.0.0.1", product: { name: "Oracle Communications 14.0.0.1", product_id: "T038384", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0.0.1", }, }, }, { category: "product_version", name: "17.0.1", product: { name: "Oracle Communications 17.0.1", product_id: "T038385", product_identification_helper: { cpe: "cpe:/a:oracle:communications:17.0.1", }, }, }, { category: "product_version_range", name: "<10.4.0.4", product: { name: "Oracle Communications <10.4.0.4", product_id: "T038386", }, }, { category: "product_version", name: "10.4.0.4", product: { name: "Oracle Communications 10.4.0.4", product_id: "T038386-fixed", product_identification_helper: { cpe: "cpe:/a:oracle:communications:10.4.0.4", }, }, }, { category: "product_version_range", name: "<=9.1.1.8.0", product: { name: "Oracle Communications <=9.1.1.8.0", product_id: "T038426", }, }, { category: "product_version_range", name: "<=9.1.1.8.0", product: { name: "Oracle Communications <=9.1.1.8.0", product_id: "T038426-fixed", }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2068", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-2068", }, { cve: "CVE-2022-23437", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-23437", }, { cve: "CVE-2022-2601", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-2601", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-3635", }, { cve: "CVE-2023-38408", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-38408", }, { cve: "CVE-2023-4043", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-4043", }, { cve: "CVE-2023-46136", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-51775", }, { cve: "CVE-2023-5685", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-6816", }, { cve: "CVE-2024-0450", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-0450", }, { cve: "CVE-2024-22020", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22020", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-23672", }, { cve: "CVE-2024-2398", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-2398", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29025", }, { cve: "CVE-2024-29736", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-38816", }, { cve: "CVE-2024-40898", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-40898", }, { cve: "CVE-2024-43044", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-45492", }, { cve: "CVE-2024-4577", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-4603", }, { cve: "CVE-2024-5971", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-7254", }, ], }
WID-SEC-W-2024-3195
Vulnerability from csaf_certbund
Published
2024-10-15 22:00
Modified
2024-10-15 22:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3195 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3195.json", }, { category: "self", summary: "WID-SEC-2024-3195 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3195", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Communications vom 2024-10-15", url: "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixCGBU", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-10-15T22:00:00.000+00:00", generator: { date: "2024-10-16T10:12:35.400+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3195", initial_release_date: "2024-10-15T22:00:00.000+00:00", revision_history: [ { date: "2024-10-15T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "9.1.1.3.0", product: { name: "Oracle Communications 9.1.1.3.0", product_id: "T027333", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.3.0", }, }, }, { category: "product_version", name: "12.6.1.0.0", product: { name: "Oracle Communications 12.6.1.0.0", product_id: "T027338", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.6.1.0.0", }, }, }, { category: "product_version", name: "5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_version", name: "15.0.0.0.0", product: { name: "Oracle Communications 15.0.0.0.0", product_id: "T032090", product_identification_helper: { cpe: "cpe:/a:oracle:communications:15.0.0.0.0", }, }, }, { category: "product_version", name: "23.4.0", product: { name: "Oracle Communications 23.4.0", product_id: "T032091", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.0", }, }, }, { category: "product_version", name: "23.4.2", product: { name: "Oracle Communications 23.4.2", product_id: "T034144", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.2", }, }, }, { category: "product_version", name: "24.1.0", product: { name: "Oracle Communications 24.1.0", product_id: "T034145", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0", }, }, }, { category: "product_version", name: "5.2", product: { name: "Oracle Communications 5.2", product_id: "T034146", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.2", }, }, }, { category: "product_version", name: "24.1.0.0.0", product: { name: "Oracle Communications 24.1.0.0.0", product_id: "T034147", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0.0.0", }, }, }, { category: "product_version", name: "23.4.3", product: { name: "Oracle Communications 23.4.3", product_id: "T036195", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.3", }, }, }, { category: "product_version", name: "23.4.4", product: { name: "Oracle Communications 23.4.4", product_id: "T036196", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.4", }, }, }, { category: "product_version_range", name: "<=24.2.0", product: { name: "Oracle Communications <=24.2.0", product_id: "T036197", }, }, { category: "product_version_range", name: "<=24.2.0", product: { name: "Oracle Communications <=24.2.0", product_id: "T036197-fixed", }, }, { category: "product_version", name: "4.1.0", product: { name: "Oracle Communications 4.1.0", product_id: "T036205", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.1.0", }, }, }, { category: "product_version", name: "4.2.0", product: { name: "Oracle Communications 4.2.0", product_id: "T036206", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.2.0", }, }, }, { category: "product_version", name: "9.2.0", product: { name: "Oracle Communications 9.2.0", product_id: "T036207", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.2.0", }, }, }, { category: "product_version", name: "9.3.0", product: { name: "Oracle Communications 9.3.0", product_id: "T036208", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.3.0", }, }, }, { category: "product_version", name: "12.11.0", product: { name: "Oracle Communications 12.11.0", product_id: "T036209", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.11.0", }, }, }, { category: "product_version", name: "9.0.1.10.0", product: { name: "Oracle Communications 9.0.1.10.0", product_id: "T038373", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.0.1.10.0", }, }, }, { category: "product_version_range", name: "<=23.4.5", product: { name: "Oracle Communications <=23.4.5", product_id: "T038375", }, }, { category: "product_version_range", name: "<=23.4.5", product: { name: "Oracle Communications <=23.4.5", product_id: "T038375-fixed", }, }, { category: "product_version", name: "24.2.1", product: { name: "Oracle Communications 24.2.1", product_id: "T038376", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.2.1", }, }, }, { category: "product_version_range", name: "<=23.4.6", product: { name: "Oracle Communications <=23.4.6", product_id: "T038377", }, }, { category: "product_version_range", name: "<=23.4.6", product: { name: "Oracle Communications <=23.4.6", product_id: "T038377-fixed", }, }, { category: "product_version", name: "24.1.1", product: { name: "Oracle Communications 24.1.1", product_id: "T038378", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.1", }, }, }, { category: "product_version", name: "24.2.2", product: { name: "Oracle Communications 24.2.2", product_id: "T038379", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.2.2", }, }, }, { category: "product_version", name: "9.1.5", product: { name: "Oracle Communications 9.1.5", product_id: "T038380", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.5", }, }, }, { category: "product_version", name: "9.1.0", product: { name: "Oracle Communications 9.1.0", product_id: "T038381", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.0", }, }, }, { category: "product_version", name: "14", product: { name: "Oracle Communications 14.0", product_id: "T038382", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0", }, }, }, { category: "product_version", name: "9.1.1.9.0", product: { name: "Oracle Communications 9.1.1.9.0", product_id: "T038383", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.9.0", }, }, }, { category: "product_version", name: "14.0.0.1", product: { name: "Oracle Communications 14.0.0.1", product_id: "T038384", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0.0.1", }, }, }, { category: "product_version", name: "17.0.1", product: { name: "Oracle Communications 17.0.1", product_id: "T038385", product_identification_helper: { cpe: "cpe:/a:oracle:communications:17.0.1", }, }, }, { category: "product_version_range", name: "<10.4.0.4", product: { name: "Oracle Communications <10.4.0.4", product_id: "T038386", }, }, { category: "product_version", name: "10.4.0.4", product: { name: "Oracle Communications 10.4.0.4", product_id: "T038386-fixed", product_identification_helper: { cpe: "cpe:/a:oracle:communications:10.4.0.4", }, }, }, { category: "product_version_range", name: "<=9.1.1.8.0", product: { name: "Oracle Communications <=9.1.1.8.0", product_id: "T038426", }, }, { category: "product_version_range", name: "<=9.1.1.8.0", product: { name: "Oracle Communications <=9.1.1.8.0", product_id: "T038426-fixed", }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2068", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-2068", }, { cve: "CVE-2022-23437", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-23437", }, { cve: "CVE-2022-2601", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-2601", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-3635", }, { cve: "CVE-2023-38408", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-38408", }, { cve: "CVE-2023-4043", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-4043", }, { cve: "CVE-2023-46136", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-51775", }, { cve: "CVE-2023-5685", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-6816", }, { cve: "CVE-2024-0450", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-0450", }, { cve: "CVE-2024-22020", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22020", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-23672", }, { cve: "CVE-2024-2398", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-2398", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29025", }, { cve: "CVE-2024-29736", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-38816", }, { cve: "CVE-2024-40898", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-40898", }, { cve: "CVE-2024-43044", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-45492", }, { cve: "CVE-2024-4577", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-4603", }, { cve: "CVE-2024-5971", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-7254", }, ], }
suse-su-2023:1701-1
Vulnerability from csaf_suse
Published
2023-03-30 11:13
Modified
2023-03-30 11:13
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This security update of grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
- Bump upstream SBAT generation to 3
- rebuild the package with the new secure boot key (bsc#1209188).
Other:
- Remove zfs modules (bsc#1205554)
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
Patchnames
SUSE-2023-1701,SUSE-SUSE-MicroOS-5.1-2023-1701
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grub2", title: "Title of the patch", }, { category: "description", text: "\nThis security update of grub2 fixes the following issues:\n\n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n- Bump upstream SBAT generation to 3\n\n- rebuild the package with the new secure boot key (bsc#1209188).\n\nOther:\n\n- Remove zfs modules (bsc#1205554)\n- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-1701,SUSE-SUSE-MicroOS-5.1-2023-1701", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_1701-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:1701-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20231701-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:1701-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014265.html", }, { category: "self", summary: "SUSE Bug 1205178", url: "https://bugzilla.suse.com/1205178", }, { category: "self", summary: "SUSE Bug 1205182", url: "https://bugzilla.suse.com/1205182", }, { category: "self", summary: "SUSE Bug 1205200", url: "https://bugzilla.suse.com/1205200", }, { category: "self", summary: "SUSE Bug 1205554", url: "https://bugzilla.suse.com/1205554", }, { category: "self", summary: "SUSE Bug 1209188", url: "https://bugzilla.suse.com/1209188", }, { category: "self", summary: "SUSE Bug 1209829", url: "https://bugzilla.suse.com/1209829", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "Security update for grub2", tracking: { current_release_date: "2023-03-30T11:13:54Z", generator: { date: "2023-03-30T11:13:54Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:1701-1", initial_release_date: "2023-03-30T11:13:54Z", revision_history: [ { date: "2023-03-30T11:13:54Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.04-150300.3.8.1.aarch64", product: { name: "grub2-2.04-150300.3.8.1.aarch64", product_id: "grub2-2.04-150300.3.8.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150300.3.8.1.aarch64", product: { name: "grub2-branding-upstream-2.04-150300.3.8.1.aarch64", product_id: "grub2-branding-upstream-2.04-150300.3.8.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-arm64-efi-2.04-150300.3.8.1.noarch", product: { name: "grub2-arm64-efi-2.04-150300.3.8.1.noarch", product_id: "grub2-arm64-efi-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-arm64-efi-debug-2.04-150300.3.8.1.noarch", product: { name: "grub2-arm64-efi-debug-2.04-150300.3.8.1.noarch", product_id: "grub2-arm64-efi-debug-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-arm64-efi-extras-2.04-150300.3.8.1.noarch", product: { name: "grub2-arm64-efi-extras-2.04-150300.3.8.1.noarch", product_id: "grub2-arm64-efi-extras-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-2.04-150300.3.8.1.noarch", product: { name: "grub2-i386-pc-2.04-150300.3.8.1.noarch", product_id: "grub2-i386-pc-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-debug-2.04-150300.3.8.1.noarch", product: { name: "grub2-i386-pc-debug-2.04-150300.3.8.1.noarch", product_id: "grub2-i386-pc-debug-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-extras-2.04-150300.3.8.1.noarch", product: { name: "grub2-i386-pc-extras-2.04-150300.3.8.1.noarch", product_id: "grub2-i386-pc-extras-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-2.04-150300.3.8.1.noarch", product: { name: "grub2-powerpc-ieee1275-2.04-150300.3.8.1.noarch", product_id: "grub2-powerpc-ieee1275-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-debug-2.04-150300.3.8.1.noarch", product: { name: "grub2-powerpc-ieee1275-debug-2.04-150300.3.8.1.noarch", product_id: "grub2-powerpc-ieee1275-debug-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-extras-2.04-150300.3.8.1.noarch", product: { name: "grub2-powerpc-ieee1275-extras-2.04-150300.3.8.1.noarch", product_id: "grub2-powerpc-ieee1275-extras-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-s390x-emu-extras-2.04-150300.3.8.1.noarch", product: { name: "grub2-s390x-emu-extras-2.04-150300.3.8.1.noarch", product_id: "grub2-s390x-emu-extras-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-snapper-plugin-2.04-150300.3.8.1.noarch", product: { name: "grub2-snapper-plugin-2.04-150300.3.8.1.noarch", product_id: "grub2-snapper-plugin-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.04-150300.3.8.1.noarch", product: { name: "grub2-systemd-sleep-plugin-2.04-150300.3.8.1.noarch", product_id: "grub2-systemd-sleep-plugin-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.04-150300.3.8.1.noarch", product: { name: "grub2-x86_64-efi-2.04-150300.3.8.1.noarch", product_id: "grub2-x86_64-efi-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-debug-2.04-150300.3.8.1.noarch", product: { name: "grub2-x86_64-efi-debug-2.04-150300.3.8.1.noarch", product_id: "grub2-x86_64-efi-debug-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-extras-2.04-150300.3.8.1.noarch", product: { name: "grub2-x86_64-efi-extras-2.04-150300.3.8.1.noarch", product_id: "grub2-x86_64-efi-extras-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.04-150300.3.8.1.noarch", product: { name: "grub2-x86_64-xen-2.04-150300.3.8.1.noarch", product_id: "grub2-x86_64-xen-2.04-150300.3.8.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-xen-extras-2.04-150300.3.8.1.noarch", product: { name: "grub2-x86_64-xen-extras-2.04-150300.3.8.1.noarch", product_id: "grub2-x86_64-xen-extras-2.04-150300.3.8.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-2.04-150300.3.8.1.ppc64le", product: { name: "grub2-2.04-150300.3.8.1.ppc64le", product_id: "grub2-2.04-150300.3.8.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150300.3.8.1.ppc64le", product: { name: "grub2-branding-upstream-2.04-150300.3.8.1.ppc64le", product_id: "grub2-branding-upstream-2.04-150300.3.8.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.04-150300.3.8.1.s390x", product: { name: "grub2-2.04-150300.3.8.1.s390x", product_id: "grub2-2.04-150300.3.8.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150300.3.8.1.s390x", product: { name: "grub2-branding-upstream-2.04-150300.3.8.1.s390x", product_id: "grub2-branding-upstream-2.04-150300.3.8.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-2.04-150300.3.8.1.s390x", product: { name: "grub2-s390x-emu-2.04-150300.3.8.1.s390x", product_id: "grub2-s390x-emu-2.04-150300.3.8.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-debug-2.04-150300.3.8.1.s390x", product: { name: "grub2-s390x-emu-debug-2.04-150300.3.8.1.s390x", product_id: "grub2-s390x-emu-debug-2.04-150300.3.8.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.04-150300.3.8.1.x86_64", product: { name: "grub2-2.04-150300.3.8.1.x86_64", product_id: "grub2-2.04-150300.3.8.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150300.3.8.1.x86_64", product: { name: "grub2-branding-upstream-2.04-150300.3.8.1.x86_64", product_id: "grub2-branding-upstream-2.04-150300.3.8.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Micro 5.1", product: { name: "SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.3.8.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.aarch64", }, product_reference: "grub2-2.04-150300.3.8.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.3.8.1.s390x as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.s390x", }, product_reference: "grub2-2.04-150300.3.8.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.3.8.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.x86_64", }, product_reference: "grub2-2.04-150300.3.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150300.3.8.1.noarch as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:grub2-arm64-efi-2.04-150300.3.8.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150300.3.8.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150300.3.8.1.noarch as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:grub2-i386-pc-2.04-150300.3.8.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150300.3.8.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.04-150300.3.8.1.s390x as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:grub2-s390x-emu-2.04-150300.3.8.1.s390x", }, product_reference: "grub2-s390x-emu-2.04-150300.3.8.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150300.3.8.1.noarch as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:grub2-snapper-plugin-2.04-150300.3.8.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150300.3.8.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150300.3.8.1.noarch as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-efi-2.04-150300.3.8.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150300.3.8.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150300.3.8.1.noarch as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-xen-2.04-150300.3.8.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150300.3.8.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.aarch64", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.x86_64", "SUSE Linux Enterprise Micro 5.1:grub2-arm64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-i386-pc-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-s390x-emu-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-snapper-plugin-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-xen-2.04-150300.3.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.aarch64", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.x86_64", "SUSE Linux Enterprise Micro 5.1:grub2-arm64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-i386-pc-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-s390x-emu-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-snapper-plugin-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-xen-2.04-150300.3.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.aarch64", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.x86_64", "SUSE Linux Enterprise Micro 5.1:grub2-arm64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-i386-pc-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-s390x-emu-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-snapper-plugin-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-xen-2.04-150300.3.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-30T11:13:54Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.aarch64", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.x86_64", "SUSE Linux Enterprise Micro 5.1:grub2-arm64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-i386-pc-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-s390x-emu-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-snapper-plugin-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-xen-2.04-150300.3.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.aarch64", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.x86_64", "SUSE Linux Enterprise Micro 5.1:grub2-arm64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-i386-pc-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-s390x-emu-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-snapper-plugin-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-xen-2.04-150300.3.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.aarch64", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-2.04-150300.3.8.1.x86_64", "SUSE Linux Enterprise Micro 5.1:grub2-arm64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-i386-pc-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-s390x-emu-2.04-150300.3.8.1.s390x", "SUSE Linux Enterprise Micro 5.1:grub2-snapper-plugin-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-efi-2.04-150300.3.8.1.noarch", "SUSE Linux Enterprise Micro 5.1:grub2-x86_64-xen-2.04-150300.3.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-30T11:13:54Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
suse-su-2022:4142-1
Vulnerability from csaf_suse
Published
2022-11-21 08:29
Modified
2022-11-21 08:29
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 fixes the following issues:
Security Fixes:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
Patchnames
SUSE-2022-4142,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4142,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4142,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4142,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4142,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4142,SUSE-Storage-6-2022-4142
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grub2", title: "Title of the patch", }, { category: "description", text: "This update for grub2 fixes the following issues:\n\nSecurity Fixes:\n \n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n \nOther:\n\n- Bump upstream SBAT generation to 3\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4142,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4142,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4142,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4142,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4142,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4142,SUSE-Storage-6-2022-4142", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4142-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4142-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224142-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4142-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013044.html", }, { category: "self", summary: "SUSE Bug 1205178", url: "https://bugzilla.suse.com/1205178", }, { category: "self", summary: "SUSE Bug 1205182", url: "https://bugzilla.suse.com/1205182", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "Security update for grub2", tracking: { current_release_date: "2022-11-21T08:29:08Z", generator: { date: "2022-11-21T08:29:08Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4142-1", initial_release_date: "2022-11-21T08:29:08Z", revision_history: [ { date: "2022-11-21T08:29:08Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.02-150100.123.17.1.aarch64", product: { name: "grub2-2.02-150100.123.17.1.aarch64", product_id: "grub2-2.02-150100.123.17.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150100.123.17.1.aarch64", product: { name: "grub2-branding-upstream-2.02-150100.123.17.1.aarch64", product_id: "grub2-branding-upstream-2.02-150100.123.17.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-2.02-150100.123.17.1.i586", product: { name: "grub2-2.02-150100.123.17.1.i586", product_id: "grub2-2.02-150100.123.17.1.i586", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150100.123.17.1.i586", product: { name: "grub2-branding-upstream-2.02-150100.123.17.1.i586", product_id: "grub2-branding-upstream-2.02-150100.123.17.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grub2-arm64-efi-2.02-150100.123.17.1.noarch", product: { name: "grub2-arm64-efi-2.02-150100.123.17.1.noarch", product_id: "grub2-arm64-efi-2.02-150100.123.17.1.noarch", }, }, { category: "product_version", name: "grub2-i386-efi-2.02-150100.123.17.1.noarch", product: { name: "grub2-i386-efi-2.02-150100.123.17.1.noarch", product_id: "grub2-i386-efi-2.02-150100.123.17.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-2.02-150100.123.17.1.noarch", product: { name: "grub2-i386-pc-2.02-150100.123.17.1.noarch", product_id: "grub2-i386-pc-2.02-150100.123.17.1.noarch", }, }, { category: "product_version", name: "grub2-i386-xen-2.02-150100.123.17.1.noarch", product: { name: "grub2-i386-xen-2.02-150100.123.17.1.noarch", product_id: "grub2-i386-xen-2.02-150100.123.17.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", product: { name: "grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", product_id: "grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", }, }, { category: "product_version", name: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch", product: { name: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch", product_id: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", product: { name: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", product_id: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch", product: { name: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch", product_id: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch", product: { name: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch", product_id: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-2.02-150100.123.17.1.ppc64le", product: { name: "grub2-2.02-150100.123.17.1.ppc64le", product_id: "grub2-2.02-150100.123.17.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150100.123.17.1.ppc64le", product: { name: "grub2-branding-upstream-2.02-150100.123.17.1.ppc64le", product_id: "grub2-branding-upstream-2.02-150100.123.17.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.02-150100.123.17.1.s390x", product: { name: "grub2-2.02-150100.123.17.1.s390x", product_id: "grub2-2.02-150100.123.17.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150100.123.17.1.s390x", product: { name: "grub2-branding-upstream-2.02-150100.123.17.1.s390x", product_id: "grub2-branding-upstream-2.02-150100.123.17.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-2.02-150100.123.17.1.s390x", product: { name: "grub2-s390x-emu-2.02-150100.123.17.1.s390x", product_id: "grub2-s390x-emu-2.02-150100.123.17.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.02-150100.123.17.1.x86_64", product: { name: "grub2-2.02-150100.123.17.1.x86_64", product_id: "grub2-2.02-150100.123.17.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150100.123.17.1.x86_64", product: { name: "grub2-branding-upstream-2.02-150100.123.17.1.x86_64", product_id: "grub2-branding-upstream-2.02-150100.123.17.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP1-BCL", product: { name: "SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles_bcl:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp1", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 6", product: { name: "SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6", product_identification_helper: { cpe: "cpe:/o:suse:ses:6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.aarch64", }, product_reference: "grub2-2.02-150100.123.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.x86_64", }, product_reference: "grub2-2.02-150100.123.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-arm64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-i386-pc-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-i386-pc-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", }, product_reference: "grub2-2.02-150100.123.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", }, product_reference: "grub2-2.02-150100.123.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-arm64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-i386-pc-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-2.02-150100.123.17.1.x86_64", }, product_reference: "grub2-2.02-150100.123.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-i386-pc-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-i386-pc-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", }, product_reference: "grub2-2.02-150100.123.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.ppc64le", }, product_reference: "grub2-2.02-150100.123.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.s390x", }, product_reference: "grub2-2.02-150100.123.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", }, product_reference: "grub2-2.02-150100.123.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-arm64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-i386-pc-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.02-150100.123.17.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-s390x-emu-2.02-150100.123.17.1.s390x", }, product_reference: "grub2-s390x-emu-2.02-150100.123.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.ppc64le", }, product_reference: "grub2-2.02-150100.123.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.x86_64", }, product_reference: "grub2-2.02-150100.123.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-i386-pc-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-i386-pc-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.aarch64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.aarch64", }, product_reference: "grub2-2.02-150100.123.17.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150100.123.17.1.x86_64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.x86_64", }, product_reference: "grub2-2.02-150100.123.17.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-150100.123.17.1.noarch as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grub2-arm64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-arm64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150100.123.17.1.noarch as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grub2-i386-pc-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-i386-pc-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-150100.123.17.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.aarch64", "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.x86_64", "SUSE Enterprise Storage 6:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-s390x-emu-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.aarch64", "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.x86_64", "SUSE Enterprise Storage 6:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-s390x-emu-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.aarch64", "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.x86_64", "SUSE Enterprise Storage 6:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-s390x-emu-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:29:08Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.aarch64", "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.x86_64", "SUSE Enterprise Storage 6:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-s390x-emu-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.aarch64", "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.x86_64", "SUSE Enterprise Storage 6:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-s390x-emu-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.aarch64", "SUSE Enterprise Storage 6:grub2-2.02-150100.123.17.1.x86_64", "SUSE Enterprise Storage 6:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Enterprise Storage 6:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-arm64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-s390x-emu-2.02-150100.123.17.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-2.02-150100.123.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-i386-pc-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-powerpc-ieee1275-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-snapper-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-systemd-sleep-plugin-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-efi-2.02-150100.123.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:grub2-x86_64-xen-2.02-150100.123.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:29:08Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
suse-su-2022:4141-1
Vulnerability from csaf_suse
Published
2022-11-21 08:28
Modified
2022-11-21 08:28
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
Patchnames
SUSE-2022-4141,SUSE-SLE-Micro-5.3-2022-4141,SUSE-SLE-Module-Basesystem-15-SP4-2022-4141,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4141,SUSE-SLE-Module-Server-Applications-15-SP4-2022-4141,openSUSE-Leap-Micro-5.3-2022-4141,openSUSE-SLE-15.4-2022-4141
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grub2", title: "Title of the patch", }, { category: "description", text: "This update for grub2 fixes the following issues:\n\n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n \nOther:\n\n- Bump upstream SBAT generation to 3\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4141,SUSE-SLE-Micro-5.3-2022-4141,SUSE-SLE-Module-Basesystem-15-SP4-2022-4141,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4141,SUSE-SLE-Module-Server-Applications-15-SP4-2022-4141,openSUSE-Leap-Micro-5.3-2022-4141,openSUSE-SLE-15.4-2022-4141", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4141-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4141-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224141-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4141-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013048.html", }, { category: "self", summary: "SUSE Bug 1205178", url: "https://bugzilla.suse.com/1205178", }, { category: "self", summary: "SUSE Bug 1205182", url: "https://bugzilla.suse.com/1205182", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "Security update for grub2", tracking: { current_release_date: "2022-11-21T08:28:27Z", generator: { date: "2022-11-21T08:28:27Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4141-1", initial_release_date: "2022-11-21T08:28:27Z", revision_history: [ { date: "2022-11-21T08:28:27Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.06-150400.11.17.1.aarch64", product: { name: "grub2-2.06-150400.11.17.1.aarch64", product_id: "grub2-2.06-150400.11.17.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.06-150400.11.17.1.aarch64", product: { name: "grub2-branding-upstream-2.06-150400.11.17.1.aarch64", product_id: "grub2-branding-upstream-2.06-150400.11.17.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-2.06-150400.11.17.1.i586", product: { name: "grub2-2.06-150400.11.17.1.i586", product_id: "grub2-2.06-150400.11.17.1.i586", }, }, { category: "product_version", name: "grub2-branding-upstream-2.06-150400.11.17.1.i586", product: { name: "grub2-branding-upstream-2.06-150400.11.17.1.i586", product_id: "grub2-branding-upstream-2.06-150400.11.17.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grub2-arm64-efi-2.06-150400.11.17.1.noarch", product: { name: "grub2-arm64-efi-2.06-150400.11.17.1.noarch", product_id: "grub2-arm64-efi-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", product: { name: "grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", product_id: "grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-i386-efi-2.06-150400.11.17.1.noarch", product: { name: "grub2-i386-efi-2.06-150400.11.17.1.noarch", product_id: "grub2-i386-efi-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-i386-efi-debug-2.06-150400.11.17.1.noarch", product: { name: "grub2-i386-efi-debug-2.06-150400.11.17.1.noarch", product_id: "grub2-i386-efi-debug-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-2.06-150400.11.17.1.noarch", product: { name: "grub2-i386-pc-2.06-150400.11.17.1.noarch", product_id: "grub2-i386-pc-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", product: { name: "grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", product_id: "grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-i386-xen-2.06-150400.11.17.1.noarch", product: { name: "grub2-i386-xen-2.06-150400.11.17.1.noarch", product_id: "grub2-i386-xen-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", product: { name: "grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", product_id: "grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", product: { name: "grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", product_id: "grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch", product: { name: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch", product_id: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", product: { name: "grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", product_id: "grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch", product: { name: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch", product_id: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", product: { name: "grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", product_id: "grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch", product: { name: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch", product_id: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-2.06-150400.11.17.1.ppc64le", product: { name: "grub2-2.06-150400.11.17.1.ppc64le", product_id: "grub2-2.06-150400.11.17.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", product: { name: "grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", product_id: "grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.06-150400.11.17.1.s390x", product: { name: "grub2-2.06-150400.11.17.1.s390x", product_id: "grub2-2.06-150400.11.17.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.06-150400.11.17.1.s390x", product: { name: "grub2-branding-upstream-2.06-150400.11.17.1.s390x", product_id: "grub2-branding-upstream-2.06-150400.11.17.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-2.06-150400.11.17.1.s390x", product: { name: "grub2-s390x-emu-2.06-150400.11.17.1.s390x", product_id: "grub2-s390x-emu-2.06-150400.11.17.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", product: { name: "grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", product_id: "grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.06-150400.11.17.1.x86_64", product: { name: "grub2-2.06-150400.11.17.1.x86_64", product_id: "grub2-2.06-150400.11.17.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.06-150400.11.17.1.x86_64", product: { name: "grub2-branding-upstream-2.06-150400.11.17.1.x86_64", product_id: "grub2-branding-upstream-2.06-150400.11.17.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Micro 5.3", product: { name: "SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3", product_identification_helper: { cpe: "cpe:/o:suse:sle-micro:5.3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP4", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp4", }, }, }, { category: "product_name", name: "SUSE Manager Proxy Module 4.3", product: { name: "SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-proxy:4.3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Server Applications 15 SP4", product: { name: "SUSE Linux Enterprise Module for Server Applications 15 SP4", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-server-applications:15:sp4", }, }, }, { category: "product_name", name: "openSUSE Leap Micro 5.3", product: { name: "openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap-micro:5.3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", }, product_reference: "grub2-2.06-150400.11.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.s390x as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.s390x", }, product_reference: "grub2-2.06-150400.11.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", }, product_reference: "grub2-2.06-150400.11.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-arm64-efi-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-i386-pc-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.06-150400.11.17.1.s390x as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:grub2-s390x-emu-2.06-150400.11.17.1.s390x", }, product_reference: "grub2-s390x-emu-2.06-150400.11.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.aarch64", }, product_reference: "grub2-2.06-150400.11.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.ppc64le", }, product_reference: "grub2-2.06-150400.11.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.s390x", }, product_reference: "grub2-2.06-150400.11.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.x86_64", }, product_reference: "grub2-2.06-150400.11.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-arm64-efi-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-i386-pc-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-i386-pc-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.06-150400.11.17.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", }, product_reference: "grub2-s390x-emu-2.06-150400.11.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.06-150400.11.17.1.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-arm64-efi-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP4", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.aarch64 as component of openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", }, product_reference: "grub2-2.06-150400.11.17.1.aarch64", relates_to_product_reference: "openSUSE Leap Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.x86_64 as component of openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", }, product_reference: "grub2-2.06-150400.11.17.1.x86_64", relates_to_product_reference: "openSUSE Leap Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.06-150400.11.17.1.noarch as component of openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-arm64-efi-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.06-150400.11.17.1.noarch as component of openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-i386-pc-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch as component of openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch as component of openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch as component of openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.aarch64", }, product_reference: "grub2-2.06-150400.11.17.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.ppc64le", }, product_reference: "grub2-2.06-150400.11.17.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.s390x", }, product_reference: "grub2-2.06-150400.11.17.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-150400.11.17.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.x86_64", }, product_reference: "grub2-2.06-150400.11.17.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-arm64-efi-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.06-150400.11.17.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.aarch64", }, product_reference: "grub2-branding-upstream-2.06-150400.11.17.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.06-150400.11.17.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", }, product_reference: "grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.06-150400.11.17.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.s390x", }, product_reference: "grub2-branding-upstream-2.06-150400.11.17.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.06-150400.11.17.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.x86_64", }, product_reference: "grub2-branding-upstream-2.06-150400.11.17.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-i386-pc-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-i386-pc-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-debug-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.06-150400.11.17.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", }, product_reference: "grub2-s390x-emu-2.06-150400.11.17.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", }, product_reference: "grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-x86_64-efi-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", }, product_reference: "grub2-x86_64-xen-2.06-150400.11.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Manager Proxy Module 4.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Manager Proxy Module 4.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Manager Proxy Module 4.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:28:27Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Manager Proxy Module 4.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Manager Proxy Module 4.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-2.06-150400.11.17.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "SUSE Manager Proxy Module 4.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-arm64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.aarch64", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.ppc64le", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-branding-upstream-2.06-150400.11.17.1.x86_64", "openSUSE Leap 15.4:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-i386-pc-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-s390x-emu-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-s390x-emu-debug-2.06-150400.11.17.1.s390x", "openSUSE Leap 15.4:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-efi-debug-2.06-150400.11.17.1.noarch", "openSUSE Leap 15.4:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.aarch64", "openSUSE Leap Micro 5.3:grub2-2.06-150400.11.17.1.x86_64", "openSUSE Leap Micro 5.3:grub2-arm64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-i386-pc-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-snapper-plugin-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-efi-2.06-150400.11.17.1.noarch", "openSUSE Leap Micro 5.3:grub2-x86_64-xen-2.06-150400.11.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:28:27Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
suse-su-2022:4218-1
Vulnerability from csaf_suse
Published
2022-11-25 08:39
Modified
2022-11-25 08:39
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
Patchnames
SUSE-2022-4218,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4218,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4218,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4218,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4218,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4218,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4218,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4218,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4218,SUSE-Storage-7-2022-4218
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grub2", title: "Title of the patch", }, { category: "description", text: "This update for grub2 fixes the following issues:\n\n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n \nOther:\n\n- Bump upstream SBAT generation to 3\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4218,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4218,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4218,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4218,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4218,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4218,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4218,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4218,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4218,SUSE-Storage-7-2022-4218", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4218-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4218-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224218-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4218-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013111.html", }, { category: "self", summary: "SUSE Bug 1205178", url: "https://bugzilla.suse.com/1205178", }, { category: "self", summary: "SUSE Bug 1205182", url: "https://bugzilla.suse.com/1205182", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "Security update for grub2", tracking: { current_release_date: "2022-11-25T08:39:28Z", generator: { date: "2022-11-25T08:39:28Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4218-1", initial_release_date: "2022-11-25T08:39:28Z", revision_history: [ { date: "2022-11-25T08:39:28Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.04-150200.9.68.1.aarch64", product: { name: "grub2-2.04-150200.9.68.1.aarch64", product_id: "grub2-2.04-150200.9.68.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150200.9.68.1.aarch64", product: { name: "grub2-branding-upstream-2.04-150200.9.68.1.aarch64", product_id: "grub2-branding-upstream-2.04-150200.9.68.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-2.04-150200.9.68.1.i586", product: { name: "grub2-2.04-150200.9.68.1.i586", product_id: "grub2-2.04-150200.9.68.1.i586", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150200.9.68.1.i586", product: { name: "grub2-branding-upstream-2.04-150200.9.68.1.i586", product_id: "grub2-branding-upstream-2.04-150200.9.68.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", product: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", product_id: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-arm64-efi-debug-2.04-150200.9.68.1.noarch", product: { name: "grub2-arm64-efi-debug-2.04-150200.9.68.1.noarch", product_id: "grub2-arm64-efi-debug-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-i386-efi-2.04-150200.9.68.1.noarch", product: { name: "grub2-i386-efi-2.04-150200.9.68.1.noarch", product_id: "grub2-i386-efi-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-i386-efi-debug-2.04-150200.9.68.1.noarch", product: { name: "grub2-i386-efi-debug-2.04-150200.9.68.1.noarch", product_id: "grub2-i386-efi-debug-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-2.04-150200.9.68.1.noarch", product: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch", product_id: "grub2-i386-pc-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-debug-2.04-150200.9.68.1.noarch", product: { name: "grub2-i386-pc-debug-2.04-150200.9.68.1.noarch", product_id: "grub2-i386-pc-debug-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-i386-xen-2.04-150200.9.68.1.noarch", product: { name: "grub2-i386-xen-2.04-150200.9.68.1.noarch", product_id: "grub2-i386-xen-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", product: { name: "grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", product_id: "grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-debug-2.04-150200.9.68.1.noarch", product: { name: "grub2-powerpc-ieee1275-debug-2.04-150200.9.68.1.noarch", product_id: "grub2-powerpc-ieee1275-debug-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", product: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", product_id: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", product: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", product_id: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", product: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", product_id: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-debug-2.04-150200.9.68.1.noarch", product: { name: "grub2-x86_64-efi-debug-2.04-150200.9.68.1.noarch", product_id: "grub2-x86_64-efi-debug-2.04-150200.9.68.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", product: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", product_id: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-2.04-150200.9.68.1.ppc64le", product: { name: "grub2-2.04-150200.9.68.1.ppc64le", product_id: "grub2-2.04-150200.9.68.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150200.9.68.1.ppc64le", product: { name: "grub2-branding-upstream-2.04-150200.9.68.1.ppc64le", product_id: "grub2-branding-upstream-2.04-150200.9.68.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.04-150200.9.68.1.s390x", product: { name: "grub2-2.04-150200.9.68.1.s390x", product_id: "grub2-2.04-150200.9.68.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150200.9.68.1.s390x", product: { name: "grub2-branding-upstream-2.04-150200.9.68.1.s390x", product_id: "grub2-branding-upstream-2.04-150200.9.68.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-2.04-150200.9.68.1.s390x", product: { name: "grub2-s390x-emu-2.04-150200.9.68.1.s390x", product_id: "grub2-s390x-emu-2.04-150200.9.68.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-debug-2.04-150200.9.68.1.s390x", product: { name: "grub2-s390x-emu-debug-2.04-150200.9.68.1.s390x", product_id: "grub2-s390x-emu-debug-2.04-150200.9.68.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.04-150200.9.68.1.x86_64", product: { name: "grub2-2.04-150200.9.68.1.x86_64", product_id: "grub2-2.04-150200.9.68.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150200.9.68.1.x86_64", product: { name: "grub2-branding-upstream-2.04-150200.9.68.1.x86_64", product_id: "grub2-branding-upstream-2.04-150200.9.68.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles_bcl:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp2", }, }, }, { category: "product_name", name: "SUSE Manager Proxy 4.1", product: { name: "SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:4.1", }, }, }, { category: "product_name", name: "SUSE Manager Retail Branch Server 4.1", product: { name: "SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-retail-branch-server:4.1", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.1", product: { name: "SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.1", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7", product: { name: "SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7", product_identification_helper: { cpe: "cpe:/o:suse:ses:7", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.aarch64", }, product_reference: "grub2-2.04-150200.9.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.x86_64", }, product_reference: "grub2-2.04-150200.9.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-i386-pc-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", }, product_reference: "grub2-2.04-150200.9.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", }, product_reference: "grub2-2.04-150200.9.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-2.04-150200.9.68.1.x86_64", }, product_reference: "grub2-2.04-150200.9.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-i386-pc-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", }, product_reference: "grub2-2.04-150200.9.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.ppc64le", }, product_reference: "grub2-2.04-150200.9.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.s390x", }, product_reference: "grub2-2.04-150200.9.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", }, product_reference: "grub2-2.04-150200.9.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.04-150200.9.68.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-s390x-emu-2.04-150200.9.68.1.s390x", }, product_reference: "grub2-s390x-emu-2.04-150200.9.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.ppc64le", }, product_reference: "grub2-2.04-150200.9.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.x86_64", }, product_reference: "grub2-2.04-150200.9.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-i386-pc-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.x86_64 as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:grub2-2.04-150200.9.68.1.x86_64", }, product_reference: "grub2-2.04-150200.9.68.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:grub2-2.04-150200.9.68.1.x86_64", }, product_reference: "grub2-2.04-150200.9.68.1.x86_64", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.ppc64le as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.ppc64le", }, product_reference: "grub2-2.04-150200.9.68.1.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.s390x as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.s390x", }, product_reference: "grub2-2.04-150200.9.68.1.s390x", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.x86_64 as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.x86_64", }, product_reference: "grub2-2.04-150200.9.68.1.x86_64", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.04-150200.9.68.1.s390x as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-s390x-emu-2.04-150200.9.68.1.s390x", }, product_reference: "grub2-s390x-emu-2.04-150200.9.68.1.s390x", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.aarch64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.aarch64", }, product_reference: "grub2-2.04-150200.9.68.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150200.9.68.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.x86_64", }, product_reference: "grub2-2.04-150200.9.68.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150200.9.68.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:grub2-arm64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150200.9.68.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:grub2-i386-pc-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150200.9.68.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.aarch64", "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.x86_64", "SUSE Enterprise Storage 7:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Proxy 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.aarch64", "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.x86_64", "SUSE Enterprise Storage 7:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Proxy 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.aarch64", "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.x86_64", "SUSE Enterprise Storage 7:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Proxy 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-11-25T08:39:28Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.aarch64", "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.x86_64", "SUSE Enterprise Storage 7:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Proxy 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.aarch64", "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.x86_64", "SUSE Enterprise Storage 7:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Proxy 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.aarch64", "SUSE Enterprise Storage 7:grub2-2.04-150200.9.68.1.x86_64", "SUSE Enterprise Storage 7:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Enterprise Storage 7:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-2.04-150200.9.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Proxy 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Proxy 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Retail Branch Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.ppc64le", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-2.04-150200.9.68.1.x86_64", "SUSE Manager Server 4.1:grub2-arm64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-i386-pc-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-powerpc-ieee1275-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-s390x-emu-2.04-150200.9.68.1.s390x", "SUSE Manager Server 4.1:grub2-snapper-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-systemd-sleep-plugin-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-efi-2.04-150200.9.68.1.noarch", "SUSE Manager Server 4.1:grub2-x86_64-xen-2.04-150200.9.68.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-11-25T08:39:28Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
suse-su-2022:4219-1
Vulnerability from csaf_suse
Published
2022-11-25 08:40
Modified
2022-11-25 08:40
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
Patchnames
SUSE-2022-4219,SUSE-SLE-Module-Basesystem-15-SP3-2022-4219,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4219,SUSE-SLE-Module-Server-Applications-15-SP3-2022-4219,SUSE-SUSE-MicroOS-5.2-2022-4219,openSUSE-Leap-Micro-5.2-2022-4219,openSUSE-SLE-15.3-2022-4219
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grub2", title: "Title of the patch", }, { category: "description", text: "This update for grub2 fixes the following issues:\n\n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n \nOther:\n\n- Bump upstream SBAT generation to 3\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4219,SUSE-SLE-Module-Basesystem-15-SP3-2022-4219,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4219,SUSE-SLE-Module-Server-Applications-15-SP3-2022-4219,SUSE-SUSE-MicroOS-5.2-2022-4219,openSUSE-Leap-Micro-5.2-2022-4219,openSUSE-SLE-15.3-2022-4219", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4219-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4219-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224219-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4219-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013113.html", }, { category: "self", summary: "SUSE Bug 1205178", url: "https://bugzilla.suse.com/1205178", }, { category: "self", summary: "SUSE Bug 1205182", url: "https://bugzilla.suse.com/1205182", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "Security update for grub2", tracking: { current_release_date: "2022-11-25T08:40:02Z", generator: { date: "2022-11-25T08:40:02Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4219-1", initial_release_date: "2022-11-25T08:40:02Z", revision_history: [ { date: "2022-11-25T08:40:02Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.04-150300.22.25.1.aarch64", product: { name: "grub2-2.04-150300.22.25.1.aarch64", product_id: "grub2-2.04-150300.22.25.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150300.22.25.1.aarch64", product: { name: "grub2-branding-upstream-2.04-150300.22.25.1.aarch64", product_id: "grub2-branding-upstream-2.04-150300.22.25.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-2.04-150300.22.25.1.i586", product: { name: "grub2-2.04-150300.22.25.1.i586", product_id: "grub2-2.04-150300.22.25.1.i586", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150300.22.25.1.i586", product: { name: "grub2-branding-upstream-2.04-150300.22.25.1.i586", product_id: "grub2-branding-upstream-2.04-150300.22.25.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grub2-arm64-efi-2.04-150300.22.25.1.noarch", product: { name: "grub2-arm64-efi-2.04-150300.22.25.1.noarch", product_id: "grub2-arm64-efi-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", product: { name: "grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", product_id: "grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-i386-efi-2.04-150300.22.25.1.noarch", product: { name: "grub2-i386-efi-2.04-150300.22.25.1.noarch", product_id: "grub2-i386-efi-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-i386-efi-debug-2.04-150300.22.25.1.noarch", product: { name: "grub2-i386-efi-debug-2.04-150300.22.25.1.noarch", product_id: "grub2-i386-efi-debug-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-2.04-150300.22.25.1.noarch", product: { name: "grub2-i386-pc-2.04-150300.22.25.1.noarch", product_id: "grub2-i386-pc-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", product: { name: "grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", product_id: "grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-i386-xen-2.04-150300.22.25.1.noarch", product: { name: "grub2-i386-xen-2.04-150300.22.25.1.noarch", product_id: "grub2-i386-xen-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", product: { name: "grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", product_id: "grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", product: { name: "grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", product_id: "grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch", product: { name: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch", product_id: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", product: { name: "grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", product_id: "grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch", product: { name: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch", product_id: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", product: { name: "grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", product_id: "grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch", product: { name: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch", product_id: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-2.04-150300.22.25.1.ppc64le", product: { name: "grub2-2.04-150300.22.25.1.ppc64le", product_id: "grub2-2.04-150300.22.25.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", product: { name: "grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", product_id: "grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.04-150300.22.25.1.s390x", product: { name: "grub2-2.04-150300.22.25.1.s390x", product_id: "grub2-2.04-150300.22.25.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150300.22.25.1.s390x", product: { name: "grub2-branding-upstream-2.04-150300.22.25.1.s390x", product_id: "grub2-branding-upstream-2.04-150300.22.25.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-2.04-150300.22.25.1.s390x", product: { name: "grub2-s390x-emu-2.04-150300.22.25.1.s390x", product_id: "grub2-s390x-emu-2.04-150300.22.25.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", product: { name: "grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", product_id: "grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.04-150300.22.25.1.x86_64", product: { name: "grub2-2.04-150300.22.25.1.x86_64", product_id: "grub2-2.04-150300.22.25.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.04-150300.22.25.1.x86_64", product: { name: "grub2-branding-upstream-2.04-150300.22.25.1.x86_64", product_id: "grub2-branding-upstream-2.04-150300.22.25.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp3", }, }, }, { category: "product_name", name: "SUSE Manager Proxy Module 4.2", product: { name: "SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-proxy:4.2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Server Applications 15 SP3", product: { name: "SUSE Linux Enterprise Module for Server Applications 15 SP3", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-server-applications:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.2", product: { name: "SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.2", }, }, }, { category: "product_name", name: "openSUSE Leap Micro 5.2", product: { name: "openSUSE Leap Micro 5.2", product_id: "openSUSE Leap Micro 5.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap-micro:5.2", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.aarch64", }, product_reference: "grub2-2.04-150300.22.25.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.ppc64le", }, product_reference: "grub2-2.04-150300.22.25.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.s390x", }, product_reference: "grub2-2.04-150300.22.25.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.x86_64", }, product_reference: "grub2-2.04-150300.22.25.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-i386-pc-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.04-150300.22.25.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", }, product_reference: "grub2-s390x-emu-2.04-150300.22.25.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150300.22.25.1.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP3", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", }, product_reference: "grub2-2.04-150300.22.25.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.s390x as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.s390x", }, product_reference: "grub2-2.04-150300.22.25.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", }, product_reference: "grub2-2.04-150300.22.25.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.04-150300.22.25.1.s390x as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:grub2-s390x-emu-2.04-150300.22.25.1.s390x", }, product_reference: "grub2-s390x-emu-2.04-150300.22.25.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.aarch64 as component of openSUSE Leap Micro 5.2", product_id: "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", }, product_reference: "grub2-2.04-150300.22.25.1.aarch64", relates_to_product_reference: "openSUSE Leap Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.x86_64 as component of openSUSE Leap Micro 5.2", product_id: "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", }, product_reference: "grub2-2.04-150300.22.25.1.x86_64", relates_to_product_reference: "openSUSE Leap Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150300.22.25.1.noarch as component of openSUSE Leap Micro 5.2", product_id: "openSUSE Leap Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150300.22.25.1.noarch as component of openSUSE Leap Micro 5.2", product_id: "openSUSE Leap Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch as component of openSUSE Leap Micro 5.2", product_id: "openSUSE Leap Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch as component of openSUSE Leap Micro 5.2", product_id: "openSUSE Leap Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch as component of openSUSE Leap Micro 5.2", product_id: "openSUSE Leap Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.aarch64", }, product_reference: "grub2-2.04-150300.22.25.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.ppc64le", }, product_reference: "grub2-2.04-150300.22.25.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.s390x", }, product_reference: "grub2-2.04-150300.22.25.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-2.04-150300.22.25.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.x86_64", }, product_reference: "grub2-2.04-150300.22.25.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-arm64-efi-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.04-150300.22.25.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.aarch64", }, product_reference: "grub2-branding-upstream-2.04-150300.22.25.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.04-150300.22.25.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", }, product_reference: "grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.04-150300.22.25.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.s390x", }, product_reference: "grub2-branding-upstream-2.04-150300.22.25.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.04-150300.22.25.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.x86_64", }, product_reference: "grub2-branding-upstream-2.04-150300.22.25.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-i386-pc-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-i386-pc-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-debug-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.04-150300.22.25.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", }, product_reference: "grub2-s390x-emu-2.04-150300.22.25.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", }, product_reference: "grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-snapper-plugin-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-x86_64-efi-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", }, product_reference: "grub2-x86_64-xen-2.04-150300.22.25.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Manager Proxy Module 4.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Manager Proxy Module 4.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Manager Proxy Module 4.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-11-25T08:40:02Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Manager Proxy Module 4.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Manager Proxy Module 4.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-2.04-150300.22.25.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "SUSE Linux Enterprise Module for Server Applications 15 SP3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "SUSE Manager Proxy Module 4.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-arm64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.aarch64", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.ppc64le", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-branding-upstream-2.04-150300.22.25.1.x86_64", "openSUSE Leap 15.3:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-i386-pc-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-s390x-emu-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-s390x-emu-debug-2.04-150300.22.25.1.s390x", "openSUSE Leap 15.3:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-systemd-sleep-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-efi-debug-2.04-150300.22.25.1.noarch", "openSUSE Leap 15.3:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.aarch64", "openSUSE Leap Micro 5.2:grub2-2.04-150300.22.25.1.x86_64", "openSUSE Leap Micro 5.2:grub2-arm64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-i386-pc-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-snapper-plugin-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-efi-2.04-150300.22.25.1.noarch", "openSUSE Leap Micro 5.2:grub2-x86_64-xen-2.04-150300.22.25.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-11-25T08:40:02Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
suse-su-2022:4144-1
Vulnerability from csaf_suse
Published
2022-11-21 08:29
Modified
2022-11-21 08:29
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 fixes the following issues:
Security Fixes:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
Patchnames
SUSE-2022-4144,SUSE-SLE-SERVER-12-SP2-BCL-2022-4144
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grub2", title: "Title of the patch", }, { category: "description", text: "This update for grub2 fixes the following issues:\n\nSecurity Fixes:\n \n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n \nOther:\n\n- Bump upstream SBAT generation to 3\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4144,SUSE-SLE-SERVER-12-SP2-BCL-2022-4144", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4144-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4144-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224144-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4144-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013042.html", }, { category: "self", summary: "SUSE Bug 1205178", url: "https://bugzilla.suse.com/1205178", }, { category: "self", summary: "SUSE Bug 1205182", url: "https://bugzilla.suse.com/1205182", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "Security update for grub2", tracking: { current_release_date: "2022-11-21T08:29:34Z", generator: { date: "2022-11-21T08:29:34Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4144-1", initial_release_date: "2022-11-21T08:29:34Z", revision_history: [ { date: "2022-11-21T08:29:34Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.02-115.72.1.aarch64", product: { name: "grub2-2.02-115.72.1.aarch64", product_id: "grub2-2.02-115.72.1.aarch64", }, }, { category: "product_version", name: "grub2-arm64-efi-2.02-115.72.1.aarch64", product: { name: "grub2-arm64-efi-2.02-115.72.1.aarch64", product_id: "grub2-arm64-efi-2.02-115.72.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-115.72.1.aarch64", product: { name: "grub2-branding-upstream-2.02-115.72.1.aarch64", product_id: "grub2-branding-upstream-2.02-115.72.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-2.02-115.72.1.i586", product: { name: "grub2-2.02-115.72.1.i586", product_id: "grub2-2.02-115.72.1.i586", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-115.72.1.i586", product: { name: "grub2-branding-upstream-2.02-115.72.1.i586", product_id: "grub2-branding-upstream-2.02-115.72.1.i586", }, }, { category: "product_version", name: "grub2-i386-efi-2.02-115.72.1.i586", product: { name: "grub2-i386-efi-2.02-115.72.1.i586", product_id: "grub2-i386-efi-2.02-115.72.1.i586", }, }, { category: "product_version", name: "grub2-i386-pc-2.02-115.72.1.i586", product: { name: "grub2-i386-pc-2.02-115.72.1.i586", product_id: "grub2-i386-pc-2.02-115.72.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grub2-snapper-plugin-2.02-115.72.1.noarch", product: { name: "grub2-snapper-plugin-2.02-115.72.1.noarch", product_id: "grub2-snapper-plugin-2.02-115.72.1.noarch", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", product: { name: "grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", product_id: "grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-2.02-115.72.1.ppc64le", product: { name: "grub2-2.02-115.72.1.ppc64le", product_id: "grub2-2.02-115.72.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-115.72.1.ppc64le", product: { name: "grub2-branding-upstream-2.02-115.72.1.ppc64le", product_id: "grub2-branding-upstream-2.02-115.72.1.ppc64le", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-2.02-115.72.1.ppc64le", product: { name: "grub2-powerpc-ieee1275-2.02-115.72.1.ppc64le", product_id: "grub2-powerpc-ieee1275-2.02-115.72.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.02-115.72.1.s390x", product: { name: "grub2-2.02-115.72.1.s390x", product_id: "grub2-2.02-115.72.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-115.72.1.s390x", product: { name: "grub2-branding-upstream-2.02-115.72.1.s390x", product_id: "grub2-branding-upstream-2.02-115.72.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-2.02-115.72.1.s390x", product: { name: "grub2-s390x-emu-2.02-115.72.1.s390x", product_id: "grub2-s390x-emu-2.02-115.72.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.02-115.72.1.x86_64", product: { name: "grub2-2.02-115.72.1.x86_64", product_id: "grub2-2.02-115.72.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-115.72.1.x86_64", product: { name: "grub2-branding-upstream-2.02-115.72.1.x86_64", product_id: "grub2-branding-upstream-2.02-115.72.1.x86_64", }, }, { category: "product_version", name: "grub2-i386-pc-2.02-115.72.1.x86_64", product: { name: "grub2-i386-pc-2.02-115.72.1.x86_64", product_id: "grub2-i386-pc-2.02-115.72.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.02-115.72.1.x86_64", product: { name: "grub2-x86_64-efi-2.02-115.72.1.x86_64", product_id: "grub2-x86_64-efi-2.02-115.72.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.02-115.72.1.x86_64", product: { name: "grub2-x86_64-xen-2.02-115.72.1.x86_64", product_id: "grub2-x86_64-xen-2.02-115.72.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.02-115.72.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-2.02-115.72.1.x86_64", }, product_reference: "grub2-2.02-115.72.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-115.72.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-i386-pc-2.02-115.72.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-115.72.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-115.72.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-snapper-plugin-2.02-115.72.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-115.72.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-115.72.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-115.72.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-efi-2.02-115.72.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-115.72.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-115.72.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-xen-2.02-115.72.1.x86_64", }, product_reference: "grub2-x86_64-xen-2.02-115.72.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-i386-pc-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-snapper-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-efi-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-xen-2.02-115.72.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-i386-pc-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-snapper-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-efi-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-xen-2.02-115.72.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-i386-pc-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-snapper-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-efi-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-xen-2.02-115.72.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:29:34Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-i386-pc-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-snapper-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-efi-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-xen-2.02-115.72.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-i386-pc-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-snapper-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-efi-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-xen-2.02-115.72.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-i386-pc-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-snapper-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-systemd-sleep-plugin-2.02-115.72.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-efi-2.02-115.72.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:grub2-x86_64-xen-2.02-115.72.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:29:34Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
suse-su-2022:4140-1
Vulnerability from csaf_suse
Published
2022-11-21 08:27
Modified
2022-11-21 08:27
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
Patchnames
SUSE-2022-4140,SUSE-SLE-Product-HPC-15-2022-4140,SUSE-SLE-Product-SLES-15-2022-4140,SUSE-SLE-Product-SLES_SAP-15-2022-4140
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grub2", title: "Title of the patch", }, { category: "description", text: "This update for grub2 fixes the following issues:\n\n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n\nOther:\n\n- Bump upstream SBAT generation to 3\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4140,SUSE-SLE-Product-HPC-15-2022-4140,SUSE-SLE-Product-SLES-15-2022-4140,SUSE-SLE-Product-SLES_SAP-15-2022-4140", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4140-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4140-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224140-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4140-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013041.html", }, { category: "self", summary: "SUSE Bug 1205178", url: "https://bugzilla.suse.com/1205178", }, { category: "self", summary: "SUSE Bug 1205182", url: "https://bugzilla.suse.com/1205182", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "Security update for grub2", tracking: { current_release_date: "2022-11-21T08:27:41Z", generator: { date: "2022-11-21T08:27:41Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4140-1", initial_release_date: "2022-11-21T08:27:41Z", revision_history: [ { date: "2022-11-21T08:27:41Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.02-150000.122.17.1.aarch64", product: { name: "grub2-2.02-150000.122.17.1.aarch64", product_id: "grub2-2.02-150000.122.17.1.aarch64", }, }, { category: "product_version", name: "grub2-arm64-efi-2.02-150000.122.17.1.aarch64", product: { name: "grub2-arm64-efi-2.02-150000.122.17.1.aarch64", product_id: "grub2-arm64-efi-2.02-150000.122.17.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150000.122.17.1.aarch64", product: { name: "grub2-branding-upstream-2.02-150000.122.17.1.aarch64", product_id: "grub2-branding-upstream-2.02-150000.122.17.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-2.02-150000.122.17.1.i586", product: { name: "grub2-2.02-150000.122.17.1.i586", product_id: "grub2-2.02-150000.122.17.1.i586", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150000.122.17.1.i586", product: { name: "grub2-branding-upstream-2.02-150000.122.17.1.i586", product_id: "grub2-branding-upstream-2.02-150000.122.17.1.i586", }, }, { category: "product_version", name: "grub2-i386-efi-2.02-150000.122.17.1.i586", product: { name: "grub2-i386-efi-2.02-150000.122.17.1.i586", product_id: "grub2-i386-efi-2.02-150000.122.17.1.i586", }, }, { category: "product_version", name: "grub2-i386-pc-2.02-150000.122.17.1.i586", product: { name: "grub2-i386-pc-2.02-150000.122.17.1.i586", product_id: "grub2-i386-pc-2.02-150000.122.17.1.i586", }, }, { category: "product_version", name: "grub2-i386-xen-2.02-150000.122.17.1.i586", product: { name: "grub2-i386-xen-2.02-150000.122.17.1.i586", product_id: "grub2-i386-xen-2.02-150000.122.17.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch", product: { name: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch", product_id: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", product: { name: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", product_id: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-2.02-150000.122.17.1.ppc64le", product: { name: "grub2-2.02-150000.122.17.1.ppc64le", product_id: "grub2-2.02-150000.122.17.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150000.122.17.1.ppc64le", product: { name: "grub2-branding-upstream-2.02-150000.122.17.1.ppc64le", product_id: "grub2-branding-upstream-2.02-150000.122.17.1.ppc64le", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", product: { name: "grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", product_id: "grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.02-150000.122.17.1.s390x", product: { name: "grub2-2.02-150000.122.17.1.s390x", product_id: "grub2-2.02-150000.122.17.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150000.122.17.1.s390x", product: { name: "grub2-branding-upstream-2.02-150000.122.17.1.s390x", product_id: "grub2-branding-upstream-2.02-150000.122.17.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-2.02-150000.122.17.1.s390x", product: { name: "grub2-s390x-emu-2.02-150000.122.17.1.s390x", product_id: "grub2-s390x-emu-2.02-150000.122.17.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.02-150000.122.17.1.x86_64", product: { name: "grub2-2.02-150000.122.17.1.x86_64", product_id: "grub2-2.02-150000.122.17.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-150000.122.17.1.x86_64", product: { name: "grub2-branding-upstream-2.02-150000.122.17.1.x86_64", product_id: "grub2-branding-upstream-2.02-150000.122.17.1.x86_64", }, }, { category: "product_version", name: "grub2-i386-pc-2.02-150000.122.17.1.x86_64", product: { name: "grub2-i386-pc-2.02-150000.122.17.1.x86_64", product_id: "grub2-i386-pc-2.02-150000.122.17.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", product: { name: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", product_id: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", product: { name: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", product_id: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15-LTSS", product: { name: "SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.aarch64", }, product_reference: "grub2-2.02-150000.122.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-150000.122.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", }, product_reference: "grub2-arm64-efi-2.02-150000.122.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", }, product_reference: "grub2-2.02-150000.122.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-150000.122.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", }, product_reference: "grub2-arm64-efi-2.02-150000.122.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", }, product_reference: "grub2-2.02-150000.122.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.ppc64le", }, product_reference: "grub2-2.02-150000.122.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.s390x", }, product_reference: "grub2-2.02-150000.122.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-150000.122.17.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", }, product_reference: "grub2-arm64-efi-2.02-150000.122.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", }, product_reference: "grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.02-150000.122.17.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-s390x-emu-2.02-150000.122.17.1.s390x", }, product_reference: "grub2-s390x-emu-2.02-150000.122.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.ppc64le", }, product_reference: "grub2-2.02-150000.122.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:grub2-i386-pc-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", }, product_reference: "grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-150000.122.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", }, product_reference: "grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-s390x-emu-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-s390x-emu-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-s390x-emu-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:27:41Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-s390x-emu-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-s390x-emu-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-arm64-efi-2.02-150000.122.17.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:grub2-s390x-emu-2.02-150000.122.17.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-i386-pc-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-powerpc-ieee1275-2.02-150000.122.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-snapper-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-systemd-sleep-plugin-2.02-150000.122.17.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-efi-2.02-150000.122.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:grub2-x86_64-xen-2.02-150000.122.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:27:41Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
suse-su-2022:4302-1
Vulnerability from csaf_suse
Published
2022-12-01 08:11
Modified
2022-12-01 08:11
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 fixes the following issues:
Security Fixes:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520).
- Remove zfs modules (bsc#1205554).
Patchnames
SUSE-2022-4302,SUSE-OpenStack-Cloud-9-2022-4302,SUSE-OpenStack-Cloud-Crowbar-9-2022-4302,SUSE-SLE-SAP-12-SP4-2022-4302,SUSE-SLE-SERVER-12-SP4-LTSS-2022-4302,SUSE-SLE-SERVER-12-SP5-2022-4302
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grub2", title: "Title of the patch", }, { category: "description", text: "This update for grub2 fixes the following issues:\n\nSecurity Fixes:\n \n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n \nOther:\n\n- Bump upstream SBAT generation to 3\n- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520).\n- Remove zfs modules (bsc#1205554).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4302,SUSE-OpenStack-Cloud-9-2022-4302,SUSE-OpenStack-Cloud-Crowbar-9-2022-4302,SUSE-SLE-SAP-12-SP4-2022-4302,SUSE-SLE-SERVER-12-SP4-LTSS-2022-4302,SUSE-SLE-SERVER-12-SP5-2022-4302", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4302-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4302-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224302-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4302-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013179.html", }, { category: "self", summary: "SUSE Bug 1205178", url: "https://bugzilla.suse.com/1205178", }, { category: "self", summary: "SUSE Bug 1205182", url: "https://bugzilla.suse.com/1205182", }, { category: "self", summary: "SUSE Bug 1205520", url: "https://bugzilla.suse.com/1205520", }, { category: "self", summary: "SUSE Bug 1205554", url: "https://bugzilla.suse.com/1205554", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "Security update for grub2", tracking: { current_release_date: "2022-12-01T08:11:14Z", generator: { date: "2022-12-01T08:11:14Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4302-1", initial_release_date: "2022-12-01T08:11:14Z", revision_history: [ { date: "2022-12-01T08:11:14Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.02-153.1.aarch64", product: { name: "grub2-2.02-153.1.aarch64", product_id: "grub2-2.02-153.1.aarch64", }, }, { category: "product_version", name: "grub2-arm64-efi-2.02-153.1.aarch64", product: { name: "grub2-arm64-efi-2.02-153.1.aarch64", product_id: "grub2-arm64-efi-2.02-153.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-153.1.aarch64", product: { name: "grub2-branding-upstream-2.02-153.1.aarch64", product_id: "grub2-branding-upstream-2.02-153.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-2.02-153.1.i586", product: { name: "grub2-2.02-153.1.i586", product_id: "grub2-2.02-153.1.i586", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-153.1.i586", product: { name: "grub2-branding-upstream-2.02-153.1.i586", product_id: "grub2-branding-upstream-2.02-153.1.i586", }, }, { category: "product_version", name: "grub2-i386-efi-2.02-153.1.i586", product: { name: "grub2-i386-efi-2.02-153.1.i586", product_id: "grub2-i386-efi-2.02-153.1.i586", }, }, { category: "product_version", name: "grub2-i386-pc-2.02-153.1.i586", product: { name: "grub2-i386-pc-2.02-153.1.i586", product_id: "grub2-i386-pc-2.02-153.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grub2-snapper-plugin-2.02-153.1.noarch", product: { name: "grub2-snapper-plugin-2.02-153.1.noarch", product_id: "grub2-snapper-plugin-2.02-153.1.noarch", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.02-153.1.noarch", product: { name: "grub2-systemd-sleep-plugin-2.02-153.1.noarch", product_id: "grub2-systemd-sleep-plugin-2.02-153.1.noarch", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.02-153.1.noarch", product: { name: "grub2-x86_64-xen-2.02-153.1.noarch", product_id: "grub2-x86_64-xen-2.02-153.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-2.02-153.1.ppc64le", product: { name: "grub2-2.02-153.1.ppc64le", product_id: "grub2-2.02-153.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-153.1.ppc64le", product: { name: "grub2-branding-upstream-2.02-153.1.ppc64le", product_id: "grub2-branding-upstream-2.02-153.1.ppc64le", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le", product: { name: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le", product_id: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.02-153.1.s390x", product: { name: "grub2-2.02-153.1.s390x", product_id: "grub2-2.02-153.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-153.1.s390x", product: { name: "grub2-branding-upstream-2.02-153.1.s390x", product_id: "grub2-branding-upstream-2.02-153.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-2.02-153.1.s390x", product: { name: "grub2-s390x-emu-2.02-153.1.s390x", product_id: "grub2-s390x-emu-2.02-153.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.02-153.1.x86_64", product: { name: "grub2-2.02-153.1.x86_64", product_id: "grub2-2.02-153.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-153.1.x86_64", product: { name: "grub2-branding-upstream-2.02-153.1.x86_64", product_id: "grub2-branding-upstream-2.02-153.1.x86_64", }, }, { category: "product_version", name: "grub2-i386-pc-2.02-153.1.x86_64", product: { name: "grub2-i386-pc-2.02-153.1.x86_64", product_id: "grub2-i386-pc-2.02-153.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.02-153.1.x86_64", product: { name: "grub2-x86_64-efi-2.02-153.1.x86_64", product_id: "grub2-x86_64-efi-2.02-153.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE OpenStack Cloud 9", product: { name: "SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:9", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 9", product: { name: "SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:9", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:grub2-2.02-153.1.x86_64", }, product_reference: "grub2-2.02-153.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-153.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:grub2-i386-pc-2.02-153.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-153.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-153.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:grub2-snapper-plugin-2.02-153.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-153.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-153.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:grub2-x86_64-efi-2.02-153.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-153.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-153.1.noarch as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:grub2-x86_64-xen-2.02-153.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-153.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:grub2-2.02-153.1.x86_64", }, product_reference: "grub2-2.02-153.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-153.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:grub2-i386-pc-2.02-153.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-153.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-153.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:grub2-snapper-plugin-2.02-153.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-153.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-153.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-efi-2.02-153.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-153.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-153.1.noarch as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-xen-2.02-153.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-153.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.ppc64le", }, product_reference: "grub2-2.02-153.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.x86_64", }, product_reference: "grub2-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-i386-pc-2.02-153.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", }, product_reference: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-153.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-snapper-plugin-2.02-153.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-153.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-systemd-sleep-plugin-2.02-153.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-efi-2.02-153.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-153.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-xen-2.02-153.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.aarch64", }, product_reference: "grub2-2.02-153.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.ppc64le", }, product_reference: "grub2-2.02-153.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.s390x", }, product_reference: "grub2-2.02-153.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.x86_64", }, product_reference: "grub2-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-153.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-arm64-efi-2.02-153.1.aarch64", }, product_reference: "grub2-arm64-efi-2.02-153.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-i386-pc-2.02-153.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", }, product_reference: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.02-153.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-s390x-emu-2.02-153.1.s390x", }, product_reference: "grub2-s390x-emu-2.02-153.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-153.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-snapper-plugin-2.02-153.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-153.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-systemd-sleep-plugin-2.02-153.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-efi-2.02-153.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-153.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-xen-2.02-153.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.aarch64", }, product_reference: "grub2-2.02-153.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.ppc64le", }, product_reference: "grub2-2.02-153.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.s390x", }, product_reference: "grub2-2.02-153.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.x86_64", }, product_reference: "grub2-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-153.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", }, product_reference: "grub2-arm64-efi-2.02-153.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", }, product_reference: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.02-153.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", }, product_reference: "grub2-s390x-emu-2.02-153.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-153.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-153.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-153.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.aarch64", }, product_reference: "grub2-2.02-153.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.ppc64le", }, product_reference: "grub2-2.02-153.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.s390x", }, product_reference: "grub2-2.02-153.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.x86_64", }, product_reference: "grub2-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-arm64-efi-2.02-153.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", }, product_reference: "grub2-arm64-efi-2.02-153.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", }, product_reference: "grub2-powerpc-ieee1275-2.02-153.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-s390x-emu-2.02-153.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", }, product_reference: "grub2-s390x-emu-2.02-153.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-153.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-153.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-153.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-153.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-153.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", }, product_reference: "grub2-x86_64-xen-2.02-153.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-xen-2.02-153.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-xen-2.02-153.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-xen-2.02-153.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-12-01T08:11:14Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-xen-2.02-153.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-xen-2.02-153.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-arm64-efi-2.02-153.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-i386-pc-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-powerpc-ieee1275-2.02-153.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-s390x-emu-2.02-153.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud 9:grub2-x86_64-xen-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-i386-pc-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-snapper-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-systemd-sleep-plugin-2.02-153.1.noarch", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-efi-2.02-153.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:grub2-x86_64-xen-2.02-153.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-12-01T08:11:14Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
suse-su-2022:4143-1
Vulnerability from csaf_suse
Published
2022-11-21 08:29
Modified
2022-11-21 08:29
Summary
Security update for grub2
Notes
Title of the patch
Security update for grub2
Description of the patch
This update for grub2 fixes the following issues:
Security Fixes:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
Patchnames
SUSE-2022-4143,SUSE-SLE-SERVER-12-SP3-BCL-2022-4143
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grub2", title: "Title of the patch", }, { category: "description", text: "This update for grub2 fixes the following issues:\n\nSecurity Fixes:\n \n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n \nOther:\n\n- Bump upstream SBAT generation to 3\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-4143,SUSE-SLE-SERVER-12-SP3-BCL-2022-4143", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4143-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:4143-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20224143-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:4143-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013046.html", }, { category: "self", summary: "SUSE Bug 1205178", url: "https://bugzilla.suse.com/1205178", }, { category: "self", summary: "SUSE Bug 1205182", url: "https://bugzilla.suse.com/1205182", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "Security update for grub2", tracking: { current_release_date: "2022-11-21T08:29:23Z", generator: { date: "2022-11-21T08:29:23Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:4143-1", initial_release_date: "2022-11-21T08:29:23Z", revision_history: [ { date: "2022-11-21T08:29:23Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.02-142.1.aarch64", product: { name: "grub2-2.02-142.1.aarch64", product_id: "grub2-2.02-142.1.aarch64", }, }, { category: "product_version", name: "grub2-arm64-efi-2.02-142.1.aarch64", product: { name: "grub2-arm64-efi-2.02-142.1.aarch64", product_id: "grub2-arm64-efi-2.02-142.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-142.1.aarch64", product: { name: "grub2-branding-upstream-2.02-142.1.aarch64", product_id: "grub2-branding-upstream-2.02-142.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-2.02-142.1.i586", product: { name: "grub2-2.02-142.1.i586", product_id: "grub2-2.02-142.1.i586", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-142.1.i586", product: { name: "grub2-branding-upstream-2.02-142.1.i586", product_id: "grub2-branding-upstream-2.02-142.1.i586", }, }, { category: "product_version", name: "grub2-i386-efi-2.02-142.1.i586", product: { name: "grub2-i386-efi-2.02-142.1.i586", product_id: "grub2-i386-efi-2.02-142.1.i586", }, }, { category: "product_version", name: "grub2-i386-pc-2.02-142.1.i586", product: { name: "grub2-i386-pc-2.02-142.1.i586", product_id: "grub2-i386-pc-2.02-142.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grub2-snapper-plugin-2.02-142.1.noarch", product: { name: "grub2-snapper-plugin-2.02-142.1.noarch", product_id: "grub2-snapper-plugin-2.02-142.1.noarch", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.02-142.1.noarch", product: { name: "grub2-systemd-sleep-plugin-2.02-142.1.noarch", product_id: "grub2-systemd-sleep-plugin-2.02-142.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grub2-2.02-142.1.ppc64le", product: { name: "grub2-2.02-142.1.ppc64le", product_id: "grub2-2.02-142.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-142.1.ppc64le", product: { name: "grub2-branding-upstream-2.02-142.1.ppc64le", product_id: "grub2-branding-upstream-2.02-142.1.ppc64le", }, }, { category: "product_version", name: "grub2-powerpc-ieee1275-2.02-142.1.ppc64le", product: { name: "grub2-powerpc-ieee1275-2.02-142.1.ppc64le", product_id: "grub2-powerpc-ieee1275-2.02-142.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.02-142.1.s390x", product: { name: "grub2-2.02-142.1.s390x", product_id: "grub2-2.02-142.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-142.1.s390x", product: { name: "grub2-branding-upstream-2.02-142.1.s390x", product_id: "grub2-branding-upstream-2.02-142.1.s390x", }, }, { category: "product_version", name: "grub2-s390x-emu-2.02-142.1.s390x", product: { name: "grub2-s390x-emu-2.02-142.1.s390x", product_id: "grub2-s390x-emu-2.02-142.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.02-142.1.x86_64", product: { name: "grub2-2.02-142.1.x86_64", product_id: "grub2-2.02-142.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.02-142.1.x86_64", product: { name: "grub2-branding-upstream-2.02-142.1.x86_64", product_id: "grub2-branding-upstream-2.02-142.1.x86_64", }, }, { category: "product_version", name: "grub2-i386-pc-2.02-142.1.x86_64", product: { name: "grub2-i386-pc-2.02-142.1.x86_64", product_id: "grub2-i386-pc-2.02-142.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.02-142.1.x86_64", product: { name: "grub2-x86_64-efi-2.02-142.1.x86_64", product_id: "grub2-x86_64-efi-2.02-142.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.02-142.1.x86_64", product: { name: "grub2-x86_64-xen-2.02-142.1.x86_64", product_id: "grub2-x86_64-xen-2.02-142.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.02-142.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-2.02-142.1.x86_64", }, product_reference: "grub2-2.02-142.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.02-142.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-i386-pc-2.02-142.1.x86_64", }, product_reference: "grub2-i386-pc-2.02-142.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.02-142.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-snapper-plugin-2.02-142.1.noarch", }, product_reference: "grub2-snapper-plugin-2.02-142.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.02-142.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-systemd-sleep-plugin-2.02-142.1.noarch", }, product_reference: "grub2-systemd-sleep-plugin-2.02-142.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.02-142.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-efi-2.02-142.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.02-142.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.02-142.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-xen-2.02-142.1.x86_64", }, product_reference: "grub2-x86_64-xen-2.02-142.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-i386-pc-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-snapper-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-systemd-sleep-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-efi-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-xen-2.02-142.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-i386-pc-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-snapper-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-systemd-sleep-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-efi-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-xen-2.02-142.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-i386-pc-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-snapper-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-systemd-sleep-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-efi-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-xen-2.02-142.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:29:23Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-i386-pc-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-snapper-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-systemd-sleep-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-efi-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-xen-2.02-142.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-i386-pc-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-snapper-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-systemd-sleep-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-efi-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-xen-2.02-142.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-i386-pc-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-snapper-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-systemd-sleep-plugin-2.02-142.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-efi-2.02-142.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:grub2-x86_64-xen-2.02-142.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-11-21T08:29:23Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
gsd-2022-2601
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-2601", description: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", id: "GSD-2022-2601", references: [ "https://www.debian.org/security/2022/dsa-5280", "https://access.redhat.com/errata/RHSA-2022:8494", "https://access.redhat.com/errata/RHSA-2022:8800", "https://access.redhat.com/errata/RHSA-2022:8978", "https://access.redhat.com/errata/RHSA-2023:0047", "https://access.redhat.com/errata/RHSA-2023:0048", "https://access.redhat.com/errata/RHSA-2023:0049", "https://www.suse.com/security/cve/CVE-2022-2601.html", "https://access.redhat.com/errata/RHSA-2023:0752", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-2601", ], details: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", id: "GSD-2022-2601", modified: "2023-12-13T01:19:20.189496Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-2601", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grub2", version: { version_data: [ { version_value: "grub2 2.06 and lower", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122->CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", }, { name: "https://security.netapp.com/advisory/ntap-20230203-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20230203-0004/", }, { name: "GLSA-202311-14", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202311-14", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.06", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-2601", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-122", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", refsource: "MISC", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", }, { name: "https://security.netapp.com/advisory/ntap-20230203-0004/", refsource: "CONFIRM", tags: [], url: "https://security.netapp.com/advisory/ntap-20230203-0004/", }, { name: "GLSA-202311-14", refsource: "", tags: [], url: "https://security.gentoo.org/glsa/202311-14", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, }, }, lastModifiedDate: "2023-11-25T12:15Z", publishedDate: "2022-12-14T21:15Z", }, }, }
ncsc-2024-0334
Vulnerability from csaf_ncscnl
Published
2024-08-13 18:19
Modified
2024-08-27 07:59
Summary
Kwetsbaarheden verholpen in Microsoft Windows
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Microsoft heeft kwetsbaarheden verholpen in Windows.
Interpretaties
Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service
- Omzeilen van beveiligingsmaatregel
- Manipuleren van gegevens
- Verkrijgen van verhoogde rechten
- Spoofing
- Uitvoeren van willekeurige code (root/administrator rechten)
- Uitvoeren van willekeurige code (Gebruikersrechten)
- Toegang tot systeemgegevens
Van de kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107, CVE-2024-38178 en CVE-2024-38193 geeft Microsoft aan informatie te hebben dat deze actief zijn misbruikt.
De kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107 en CVE-2024-38193 bevinden zich respectievelijk in de Kernel, de Power Dependency Coördinator en de Ancillary Function Driver for WinSock en stellen een lokale, geauthenticeerde kwaadwillende in staat om zich verhoogde rechten toe te kennen en code uit te voeren met SYSTEM rechten.
De kwetsbaarheid met kenmerk CVE-2024-38178 bevindt zich in de Scripting Engine en stelt een kwaadwillende in staat om willekeurige code uit te voeren met rechten van het slachtoffer. Succesvol misbruik vereist wel dat de kwaadwillende het slachtoffer misleidt om de Edge browser in 'Internet Explorer mode' laat draaien.
Van de genoemde kwetsbaarheden is geen publieke Proof-of-Concept-code of exploit beschikbaar. Het vermoeden van het NCSC is echter dat deze wel op korte termijn publiek beschikbaar zal komen. Grootschalig actief misbruik is minder waarschijnlijk, vanwege de beperkende voorwaarden van misbruik.
De ernstigste kwetsbaarheid heeft kenmerk CVE-2024-38063 toegewezen gekregen en bevindt zich in de wijze waarop Windows het IPv6 Protocol verwerkt. Een kwaadwillende kan zonder voorafgaande authenticatie op afstand willekeurige code uitvoeren op het kwetsbare systeem door het herhaaldelijk verzenden van speciaal geprepareerde IPv6 packets. IPv6 is standaard actief. Onderzoekers hebben Proof-of-Concept-code (PoC) gepubliceerd waarmee de kwetsbaarheid kan worden aangetoond. De PoC code vereist dat het doelwit onder controle is van de onderzoeker en veroorzaakt op dit moment hooguit een memory corruption wat resulteert in een crash van het systeem. Uitvoer van willekeurige code wordt niet bereikt. De kans op grootschalig misbruik wordt hiermee groter, maar door de beperkende voorwaarde om de PoC werkend te krijgen is deze PoC niet zondermeer grootschalig op internet in te zetten. Microsoft is niet op de hoogte dat de kwetsbaarheid actief wordt misbruikt. Microsoft adviseert om als mitigerende maatregel IPv6 uit te schakelen indien dit niet strikt noodzakelijk is.
De kwetsbaarheden met kenmerk CVE-2024-21302 en CVE-2024-38202 zijn op de laatste BlackHat Conference gepubliceerd door de onderzoeker die ze ontdekt heeft. Deze kwetsbaarheden worden in de gegevens van deze maandelijkse update wel genoemd, maar in deze update worden ze niet verholpen.
Microsoft geeft aan nog aan een oplossing te werken en heeft wel mitigerende maatregelen gepubliceerd, om de dreiging van misbruik zo goed als mogelijk te beperken. Zie hiervoor de referenties naar de specifieke kwetsbaarheid.
De kwetsbaarheden stellen een kwaadwillende in staat om een roll-back uit te voeren van geïnstalleerde updates en zo het systeem weer kwetsbaar te maken voor oudere kwetsbaarheden, zonder dat dit ontdekt kan worden door het systeem. Voor het slachtoffer blijft het systeem voldoen aan de laatste beveiligingsupdates.
Succesvol misbruik is niet eenvoudig en vereist dat de kwaadwillende over verhoogde rechten beschikt op het kwetsbare systeem. Actief misbruik zal dus vermoedelijk een volgende stap in een keten zijn door een kwaadwillende die op andere wijze toegang heeft gekregen tot het kwetsbare systeem en deze kwetsbaarheden gebruikt om permanente toegang te garanderen.
```
Windows Mark of the Web (MOTW):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38213 | 6.50 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows Compressed Folder:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38165 | 6.50 | Manipuleren van gegevens |
|----------------|------|-------------------------------------|
Windows Update Stack:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38163 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38202 | 7.30 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Microsoft Windows DNS:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-37968 | 7.50 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
Windows Mobile Broadband:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38161 | 6.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Ancillary Function Driver for WinSock:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38193 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38141 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows IP Routing Management Snapin:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38114 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38115 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38116 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Kernel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38106 | 7.00 | Verkrijgen van verhoogde rechten |
| CVE-2024-38127 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38133 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38151 | 5.50 | Toegang tot gevoelige gegevens |
| CVE-2024-38153 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Secure Boot:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2022-2601 | 8.60 | Omzeilen van beveiligingsmaatregel |
| CVE-2023-40547 | 8.30 | Omzeilen van beveiligingsmaatregel |
| CVE-2022-3775 | 7.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Kernel-Mode Drivers:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38184 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38191 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38185 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38186 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38187 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Print Spooler Components:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38198 | 7.50 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Power Dependency Coordinator:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38107 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows SmartScreen:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38180 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Initial Machine Configuration:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38223 | 6.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Line Printer Daemon Service (LPD):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38199 | 9.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Streaming Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38125 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38134 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38144 | 8.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Kerberos:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-29995 | 8.10 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Security Center:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38155 | 5.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows Scripting:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38178 | 7.50 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Local Security Authority Server (lsasrv):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38118 | 5.50 | Toegang tot gevoelige gegevens |
| CVE-2024-38122 | 5.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows NTFS:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38117 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Routing and Remote Access Service (RRAS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38121 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38128 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38130 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38154 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38120 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38214 | 6.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows WLAN Auto Config Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38143 | 4.20 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows NT OS Kernel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38135 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Network Address Translation (NAT):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38126 | 7.50 | Denial-of-Service |
| CVE-2024-38132 | 7.50 | Denial-of-Service |
|----------------|------|-------------------------------------|
Windows Resource Manager:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38136 | 7.00 | Verkrijgen van verhoogde rechten |
| CVE-2024-38137 | 7.00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Common Log File System Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38196 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Transport Security Layer (TLS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38148 | 7.50 | Denial-of-Service |
|----------------|------|-------------------------------------|
Windows Secure Kernel Mode:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-21302 | 6.70 | Verkrijgen van verhoogde rechten |
| CVE-2024-38142 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Reliable Multicast Transport Driver (RMCAST):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38140 | 9.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Bluetooth Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38123 | 4.40 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows TCP/IP:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38063 | 9.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Cloud Files Mini Filter Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38215 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows DWM Core Library:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38147 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38150 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Clipboard Virtual Channel Extension:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38131 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Network Virtualization:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38159 | 9.10 | Uitvoeren van willekeurige code |
| CVE-2024-38160 | 9.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Deployment Services:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38138 | 7.50 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft WDAC OLE DB provider for SQL:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38152 | 7.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Layer-2 Bridge Network Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38145 | 7.50 | Denial-of-Service |
| CVE-2024-38146 | 7.50 | Denial-of-Service |
|----------------|------|-------------------------------------|
```
Oplossingen
Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. Ook zijn mitigerende maatregelen gepubliceerd om de kans op misbruik te beperken voor die kwetsbaarheden waarvoor (nog) geen update beschikbaar is. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans
medium
Schade
high
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-126
Buffer Over-read
CWE-138
Improper Neutralization of Special Elements
CWE-190
Integer Overflow or Wraparound
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-197
Numeric Truncation Error
CWE-20
Improper Input Validation
CWE-208
Observable Timing Discrepancy
CWE-284
Improper Access Control
CWE-306
Missing Authentication for Critical Function
CWE-345
Insufficient Verification of Data Authenticity
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE-693
Protection Mechanism Failure
CWE-73
External Control of File Name or Path
CWE-787
Out-of-bounds Write
CWE-822
Untrusted Pointer Dereference
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-908
Use of Uninitialized Resource
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Microsoft heeft kwetsbaarheden verholpen in Windows.", title: "Feiten", }, { category: "description", text: "Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service\n- Omzeilen van beveiligingsmaatregel\n- Manipuleren van gegevens\n- Verkrijgen van verhoogde rechten\n- Spoofing\n- Uitvoeren van willekeurige code (root/administrator rechten)\n- Uitvoeren van willekeurige code (Gebruikersrechten)\n- Toegang tot systeemgegevens\n\nVan de kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107, CVE-2024-38178 en CVE-2024-38193 geeft Microsoft aan informatie te hebben dat deze actief zijn misbruikt.\n\nDe kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107 en CVE-2024-38193 bevinden zich respectievelijk in de Kernel, de Power Dependency Coördinator en de Ancillary Function Driver for WinSock en stellen een lokale, geauthenticeerde kwaadwillende in staat om zich verhoogde rechten toe te kennen en code uit te voeren met SYSTEM rechten.\n\nDe kwetsbaarheid met kenmerk CVE-2024-38178 bevindt zich in de Scripting Engine en stelt een kwaadwillende in staat om willekeurige code uit te voeren met rechten van het slachtoffer. Succesvol misbruik vereist wel dat de kwaadwillende het slachtoffer misleidt om de Edge browser in 'Internet Explorer mode' laat draaien.\nVan de genoemde kwetsbaarheden is geen publieke Proof-of-Concept-code of exploit beschikbaar. Het vermoeden van het NCSC is echter dat deze wel op korte termijn publiek beschikbaar zal komen. Grootschalig actief misbruik is minder waarschijnlijk, vanwege de beperkende voorwaarden van misbruik.\n\nDe ernstigste kwetsbaarheid heeft kenmerk CVE-2024-38063 toegewezen gekregen en bevindt zich in de wijze waarop Windows het IPv6 Protocol verwerkt. Een kwaadwillende kan zonder voorafgaande authenticatie op afstand willekeurige code uitvoeren op het kwetsbare systeem door het herhaaldelijk verzenden van speciaal geprepareerde IPv6 packets. IPv6 is standaard actief. Onderzoekers hebben Proof-of-Concept-code (PoC) gepubliceerd waarmee de kwetsbaarheid kan worden aangetoond. De PoC code vereist dat het doelwit onder controle is van de onderzoeker en veroorzaakt op dit moment hooguit een memory corruption wat resulteert in een crash van het systeem. Uitvoer van willekeurige code wordt niet bereikt. De kans op grootschalig misbruik wordt hiermee groter, maar door de beperkende voorwaarde om de PoC werkend te krijgen is deze PoC niet zondermeer grootschalig op internet in te zetten. Microsoft is niet op de hoogte dat de kwetsbaarheid actief wordt misbruikt. Microsoft adviseert om als mitigerende maatregel IPv6 uit te schakelen indien dit niet strikt noodzakelijk is.\n\nDe kwetsbaarheden met kenmerk CVE-2024-21302 en CVE-2024-38202 zijn op de laatste BlackHat Conference gepubliceerd door de onderzoeker die ze ontdekt heeft. Deze kwetsbaarheden worden in de gegevens van deze maandelijkse update wel genoemd, maar in deze update worden ze niet verholpen.\nMicrosoft geeft aan nog aan een oplossing te werken en heeft wel mitigerende maatregelen gepubliceerd, om de dreiging van misbruik zo goed als mogelijk te beperken. Zie hiervoor de referenties naar de specifieke kwetsbaarheid.\n\nDe kwetsbaarheden stellen een kwaadwillende in staat om een roll-back uit te voeren van geïnstalleerde updates en zo het systeem weer kwetsbaar te maken voor oudere kwetsbaarheden, zonder dat dit ontdekt kan worden door het systeem. Voor het slachtoffer blijft het systeem voldoen aan de laatste beveiligingsupdates.\nSuccesvol misbruik is niet eenvoudig en vereist dat de kwaadwillende over verhoogde rechten beschikt op het kwetsbare systeem. Actief misbruik zal dus vermoedelijk een volgende stap in een keten zijn door een kwaadwillende die op andere wijze toegang heeft gekregen tot het kwetsbare systeem en deze kwetsbaarheden gebruikt om permanente toegang te garanderen.\n\n\n```\nWindows Mark of the Web (MOTW): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38213 | 6.50 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Compressed Folder: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38165 | 6.50 | Manipuleren van gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Update Stack: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38163 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38202 | 7.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-37968 | 7.50 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nWindows Mobile Broadband: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38161 | 6.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38193 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38141 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows IP Routing Management Snapin: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38114 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38115 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38116 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38106 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38127 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38133 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38151 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2024-38153 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2022-2601 | 8.60 | Omzeilen van beveiligingsmaatregel | \n| CVE-2023-40547 | 8.30 | Omzeilen van beveiligingsmaatregel | \n| CVE-2022-3775 | 7.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38184 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38191 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38185 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38186 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38187 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38198 | 7.50 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Power Dependency Coordinator: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38107 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SmartScreen: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38180 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Initial Machine Configuration: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38223 | 6.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nLine Printer Daemon Service (LPD): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38199 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Streaming Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38125 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38134 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38144 | 8.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-29995 | 8.10 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Security Center: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38155 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Scripting: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38178 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Local Security Authority Server (lsasrv): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38118 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2024-38122 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38117 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Routing and Remote Access Service (RRAS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38121 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38128 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38130 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38154 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38120 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38214 | 6.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows WLAN Auto Config Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38143 | 4.20 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows NT OS Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38135 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Network Address Translation (NAT): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38126 | 7.50 | Denial-of-Service | \n| CVE-2024-38132 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Resource Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38136 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38137 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38196 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Transport Security Layer (TLS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38148 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Secure Kernel Mode: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-21302 | 6.70 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38142 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nReliable Multicast Transport Driver (RMCAST): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38140 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Bluetooth Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38123 | 4.40 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38063 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38215 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38147 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38150 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Clipboard Virtual Channel Extension: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38131 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Network Virtualization: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38159 | 9.10 | Uitvoeren van willekeurige code | \n| CVE-2024-38160 | 9.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Deployment Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38138 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft WDAC OLE DB provider for SQL: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38152 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Layer-2 Bridge Network Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38145 | 7.50 | Denial-of-Service | \n| CVE-2024-38146 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n```", title: "Interpretaties", }, { category: "description", text: "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. Ook zijn mitigerende maatregelen gepubliceerd om de kans op misbruik te beperken voor die kwetsbaarheden waarvoor (nog) geen update beschikbaar is. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Buffer Over-read", title: "CWE-126", }, { category: "general", text: "Improper Neutralization of Special Elements", title: "CWE-138", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, { category: "general", text: "Numeric Truncation Error", title: "CWE-197", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Sensitive Data Storage in Improperly Locked Memory", title: "CWE-591", }, { category: "general", text: "Protection Mechanism Failure", title: "CWE-693", }, { category: "general", text: "External Control of File Name or Path", title: "CWE-73", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Untrusted Pointer Dereference", title: "CWE-822", }, { category: "general", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, { category: "general", text: "Use of Uninitialized Resource", title: "CWE-908", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - certbundde; cveprojectv5; hkcert; nvd", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302", }, { category: "external", summary: "Reference - cveprojectv5; nvd", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063", }, { category: "external", summary: "Reference - certbundde; cveprojectv5; hkcert; nvd", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202", }, ], title: "Kwetsbaarheden verholpen in Microsoft Windows", tracking: { current_release_date: "2024-08-27T07:59:08.391850Z", id: "NCSC-2024-0334", initial_release_date: "2024-08-13T18:19:27.728322Z", revision_history: [ { date: "2024-08-13T18:19:27.728322Z", number: "0", summary: "Initiele versie", }, { date: "2024-08-27T07:59:08.391850Z", number: "1", summary: "Er is Proof-of-Concept-code (PoC) verschenen voor de kwetsbaarheid met kenmerk CVE-2024-38063", }, ], status: "final", version: "1.0.1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "remote_desktop_client_for_windows_desktop", product: { name: "remote_desktop_client_for_windows_desktop", product_id: "CSAFPID-1455711", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:remote_desktop_client_for_windows_desktop:1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1507", product: { name: "windows_10_version_1507", product_id: "CSAFPID-1453769", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1507:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1507", product: { name: "windows_10_version_1507", product_id: "CSAFPID-1574686", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1507:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1607", product: { name: "windows_10_version_1607", product_id: "CSAFPID-1453770", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1607:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1607", product: { name: "windows_10_version_1607", product_id: "CSAFPID-1574687", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1607:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1809", product: { name: "windows_10_version_1809", product_id: "CSAFPID-1453758", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1809:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1809", product: { name: "windows_10_version_1809", product_id: "CSAFPID-1455810", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1809:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_21h2", product: { name: "windows_10_version_21h2", product_id: "CSAFPID-1453800", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_21h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_21h2", product: { name: "windows_10_version_21h2", product_id: "CSAFPID-1610391", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_21h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_22h2", product: { name: "windows_10_version_22h2", product_id: "CSAFPID-1453802", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_22h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_22h2", product: { name: "windows_10_version_22h2", product_id: "CSAFPID-1610393", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_22h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_21h2", product: { name: "windows_11_version_21h2", product_id: "CSAFPID-1453799", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_21h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_21h2", product: { name: "windows_11_version_21h2", product_id: "CSAFPID-1610390", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_21h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_22h2", product: { name: "windows_11_version_22h2", product_id: "CSAFPID-1453801", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_22h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_22h2", product: { name: "windows_11_version_22h2", product_id: "CSAFPID-1610392", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_22h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_22h3", product: { name: "windows_11_version_22h3", product_id: "CSAFPID-1453803", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_22h3:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_22h3", product: { name: "windows_11_version_22h3", product_id: "CSAFPID-1610394", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_22h3:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_23h2", product: { name: "windows_11_version_23h2", product_id: "CSAFPID-1453804", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_23h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_23h2", product: { name: "windows_11_version_23h2", product_id: "CSAFPID-1610395", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_23h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_24h2", product: { name: "windows_11_version_24h2", product_id: "CSAFPID-1615902", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_24h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_24h2", product: { name: "windows_11_version_24h2", product_id: "CSAFPID-1610396", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_24h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008__service_pack_2", product: { name: "windows_server_2008__service_pack_2", product_id: "CSAFPID-1453778", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008__service_pack_2:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008_r2_service_pack_1__server_core_installation_", product: { name: "windows_server_2008_r2_service_pack_1__server_core_installation_", product_id: "CSAFPID-1453780", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008_r2_service_pack_1__server_core_installation_:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008_r2_service_pack_1", product: { name: "windows_server_2008_r2_service_pack_1", product_id: "CSAFPID-1453779", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008_r2_service_pack_1:6.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008_service_pack_2__server_core_installation_", product: { name: "windows_server_2008_service_pack_2__server_core_installation_", product_id: "CSAFPID-1453777", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008_service_pack_2__server_core_installation_:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008_service_pack_2", product: { name: "windows_server_2008_service_pack_2", product_id: "CSAFPID-1453776", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008_service_pack_2:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2012__server_core_installation_", product: { name: "windows_server_2012__server_core_installation_", product_id: "CSAFPID-1453782", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2012__server_core_installation_:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2012_r2__server_core_installation_", product: { name: "windows_server_2012_r2__server_core_installation_", product_id: "CSAFPID-1453784", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2012_r2__server_core_installation_:6.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2012_r2", product: { name: "windows_server_2012_r2", product_id: "CSAFPID-1453783", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2012_r2:6.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2012", product: { name: "windows_server_2012", product_id: "CSAFPID-1453781", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2012:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016__server_core_installation_", product: { name: "windows_server_2016__server_core_installation_", product_id: "CSAFPID-1453772", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2016__server_core_installation_:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016__server_core_installation_", product: { name: "windows_server_2016__server_core_installation_", product_id: "CSAFPID-1457438", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2016__server_core_installation_:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016", product: { name: "windows_server_2016", product_id: "CSAFPID-1453771", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2016:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016", product: { name: "windows_server_2016", product_id: "CSAFPID-1457437", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2016:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019__server_core_installation_", product: { name: "windows_server_2019__server_core_installation_", product_id: "CSAFPID-1453760", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2019__server_core_installation_:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019__server_core_installation_", product: { name: "windows_server_2019__server_core_installation_", product_id: "CSAFPID-1457435", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2019__server_core_installation_:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019", product: { name: "windows_server_2019", product_id: "CSAFPID-1453759", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2019:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019", product: { name: "windows_server_2019", product_id: "CSAFPID-1457434", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2019:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022__23h2_edition__server_core_installation_", product: { name: "windows_server_2022__23h2_edition__server_core_installation_", product_id: "CSAFPID-1453805", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2022__23h2_edition__server_core_installation_:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022__23h2_edition__server_core_installation_", product: { name: "windows_server_2022__23h2_edition__server_core_installation_", product_id: "CSAFPID-1455588", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2022__23h2_edition__server_core_installation_:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-1453798", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2022:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-1457436", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2022:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_for_32-bit_systems", product: { name: "windows_10_for_32-bit_systems", product_id: "CSAFPID-1502044", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10_for_32-bit_systems:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_for_64-based_systems", product: { name: "windows_10_for_64-based_systems", product_id: "CSAFPID-1502062", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10_for_64-based_systems:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-2507", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502046", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1607_for_32-bit_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502058", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1607_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-2482", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502053", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1809_for_32-bit_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502047", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1809_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502040", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1809_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-2483", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502051", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:21h2_for_32-bit_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502043", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:21h2_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502061", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:21h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-2481", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502041", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:22h2_for_32-bit_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502057", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:22h2_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502060", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:22h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-3823", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502050", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:21h2_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502059", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:21h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-168717", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:21h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502039", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:22h2_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502056", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:22h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-168718", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502045", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:23h2_for_arm64-based_system:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502055", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:23h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-804567", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:23h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1614511", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:24h2_for_arm64-based_system:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1614512", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:24h2_for_x64-based_system:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1610036", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:24h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016", product: { name: "windows_server_2016", product_id: "CSAFPID-2417", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016", product: { name: "windows_server_2016", product_id: "CSAFPID-168719", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019", product: { name: "windows_server_2019", product_id: "CSAFPID-2414", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019", product: { name: "windows_server_2019", product_id: "CSAFPID-75346", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022_23h2", product: { name: "windows_server_2022_23h2", product_id: "CSAFPID-747000", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-2488", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-75345", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-1502048", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2022:23h2_edition:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows", product: { name: "windows", product_id: "CSAFPID-289704", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "microsoft", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1502048", ], }, ], title: "CVE-2022-2601", }, { cve: "CVE-2024-38161", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1502048", "CSAFPID-75346", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-2481", "CSAFPID-2483", ], }, references: [ { category: "self", summary: "CVE-2024-38161", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38161.json", }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1502048", "CSAFPID-75346", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-2481", "CSAFPID-2483", ], }, ], title: "CVE-2024-38161", }, { cve: "CVE-2024-38178", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", ], }, references: [ { category: "self", summary: "CVE-2024-38178", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38178.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", ], }, ], title: "CVE-2024-38178", }, { cve: "CVE-2024-38184", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38184", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38184.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38184", }, { cve: "CVE-2024-38191", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38191", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38191.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38191", }, { cve: "CVE-2024-38193", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38193", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38193.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-747000", ], }, ], title: "CVE-2024-38193", }, { cve: "CVE-2024-38196", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38196", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38196.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38196", }, { cve: "CVE-2024-38198", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38198", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38198.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38198", }, { cve: "CVE-2024-38199", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38199", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38199.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38199", }, { cve: "CVE-2024-38213", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, notes: [ { category: "other", text: "Protection Mechanism Failure", title: "CWE-693", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38213", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38213.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-747000", ], }, ], title: "CVE-2024-38213", }, { cve: "CVE-2024-21302", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-1502048", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-289704", "CSAFPID-1455810", "CSAFPID-1457434", "CSAFPID-1457435", "CSAFPID-1457436", "CSAFPID-1610390", "CSAFPID-1610391", "CSAFPID-1610392", "CSAFPID-1610393", "CSAFPID-1610394", "CSAFPID-1610395", "CSAFPID-1455588", "CSAFPID-1610396", "CSAFPID-1574686", "CSAFPID-1574687", "CSAFPID-1457437", "CSAFPID-1457438", ], }, references: [ { category: "self", summary: "CVE-2024-21302", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21302.json", }, ], title: "CVE-2024-21302", }, { cve: "CVE-2023-40547", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2023-40547", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40547.json", }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1502048", ], }, ], title: "CVE-2023-40547", }, { cve: "CVE-2024-38063", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "other", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38063", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38063.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38063", }, { cve: "CVE-2024-38106", cwe: { id: "CWE-591", name: "Sensitive Data Storage in Improperly Locked Memory", }, notes: [ { category: "other", text: "Sensitive Data Storage in Improperly Locked Memory", title: "CWE-591", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1615902", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-2488", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38106", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38106.json", }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1615902", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-2488", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38106", }, { cve: "CVE-2024-38107", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-2488", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38107", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38107.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-2488", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38107", }, { cve: "CVE-2024-29995", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, notes: [ { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453800", "CSAFPID-1453802", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", ], }, references: [ { category: "self", summary: "CVE-2024-29995", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29995.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453800", "CSAFPID-1453802", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", ], }, ], title: "CVE-2024-29995", }, { cve: "CVE-2024-38114", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38114", }, { cve: "CVE-2024-38115", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38115", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38115.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38115", }, { cve: "CVE-2024-38116", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38116", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38116.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38116", }, { cve: "CVE-2024-38117", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38117", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38117.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38117", }, { cve: "CVE-2024-38118", cwe: { id: "CWE-908", name: "Use of Uninitialized Resource", }, notes: [ { category: "other", text: "Use of Uninitialized Resource", title: "CWE-908", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38118", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38118.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38118", }, { cve: "CVE-2024-38122", cwe: { id: "CWE-908", name: "Use of Uninitialized Resource", }, notes: [ { category: "other", text: "Use of Uninitialized Resource", title: "CWE-908", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38122", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38122.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38122", }, { cve: "CVE-2024-38125", cwe: { id: "CWE-197", name: "Numeric Truncation Error", }, notes: [ { category: "other", text: "Numeric Truncation Error", title: "CWE-197", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38125", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38125.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38125", }, { cve: "CVE-2024-38126", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38126", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38126.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38126", }, { cve: "CVE-2024-38130", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38130.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38130", }, { cve: "CVE-2024-38131", cwe: { id: "CWE-591", name: "Sensitive Data Storage in Improperly Locked Memory", }, notes: [ { category: "other", text: "Sensitive Data Storage in Improperly Locked Memory", title: "CWE-591", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1455711", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38131.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1455711", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38131", }, { cve: "CVE-2024-38132", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38132", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38132.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38132", }, { cve: "CVE-2024-38133", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements", title: "CWE-138", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-2481", "CSAFPID-2483", ], }, references: [ { category: "self", summary: "CVE-2024-38133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-2481", "CSAFPID-2483", ], }, ], title: "CVE-2024-38133", }, { cve: "CVE-2024-38134", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38134", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38134.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38134", }, { cve: "CVE-2024-38136", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2483", "CSAFPID-1502048", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38136.json", }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2483", "CSAFPID-1502048", "CSAFPID-75346", ], }, ], title: "CVE-2024-38136", }, { cve: "CVE-2024-38140", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38140", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38140.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38140", }, { cve: "CVE-2024-38141", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38141", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38141.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38141", }, { cve: "CVE-2024-38142", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38142", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38142.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38142", }, { cve: "CVE-2024-38143", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38143.json", }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38143", }, { cve: "CVE-2024-38144", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38144", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38144.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38144", }, { cve: "CVE-2024-38145", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38145", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38145.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38145", }, { cve: "CVE-2024-38146", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38146", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38146.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38146", }, { cve: "CVE-2024-38151", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38151", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38151.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38151", }, { cve: "CVE-2024-38152", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38152", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38152.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38152", }, { cve: "CVE-2024-38153", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38153", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38153.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38153", }, { cve: "CVE-2024-38155", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1615902", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38155", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38155.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1615902", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38155", }, { cve: "CVE-2024-38180", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, notes: [ { category: "other", text: "Protection Mechanism Failure", title: "CWE-693", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38180", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38180.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38180", }, { cve: "CVE-2024-38185", cwe: { id: "CWE-822", name: "Untrusted Pointer Dereference", }, notes: [ { category: "other", text: "Untrusted Pointer Dereference", title: "CWE-822", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38185", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38185.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38185", }, { cve: "CVE-2024-38186", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38186", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38186.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38186", }, { cve: "CVE-2024-38187", cwe: { id: "CWE-822", name: "Untrusted Pointer Dereference", }, notes: [ { category: "other", text: "Untrusted Pointer Dereference", title: "CWE-822", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38187", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38187.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38187", }, { cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2022-3775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1502048", ], }, ], title: "CVE-2022-3775", }, { cve: "CVE-2024-38215", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38215", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38215.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38215", }, { cve: "CVE-2024-38202", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-289704", "CSAFPID-1455810", "CSAFPID-1457434", "CSAFPID-1457435", "CSAFPID-1457436", "CSAFPID-1610390", "CSAFPID-1610391", "CSAFPID-1610392", "CSAFPID-1610393", "CSAFPID-1610394", "CSAFPID-1610395", "CSAFPID-1455588", "CSAFPID-1574687", "CSAFPID-1457437", "CSAFPID-1457438", "CSAFPID-2488", "CSAFPID-2414", "CSAFPID-2417", ], }, references: [ { category: "self", summary: "CVE-2024-38202", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38202.json", }, ], title: "CVE-2024-38202", }, { cve: "CVE-2024-38223", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38223", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38223.json", }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38223", }, { cve: "CVE-2024-38127", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38127", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38127.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38127", }, { cve: "CVE-2024-38121", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38121", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38121.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38121", }, { cve: "CVE-2024-38128", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38128", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38128.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38128", }, { cve: "CVE-2024-38138", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-747000", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38138.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-747000", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38138", }, { cve: "CVE-2024-38154", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38154", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38154.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38154", }, { cve: "CVE-2024-38120", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38120", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38120.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38120", }, { cve: "CVE-2024-38214", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38214", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38214.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38214", }, { cve: "CVE-2024-37968", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-37968", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37968.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-37968", }, { cve: "CVE-2024-38137", cwe: { id: "CWE-591", name: "Sensitive Data Storage in Improperly Locked Memory", }, notes: [ { category: "other", text: "Sensitive Data Storage in Improperly Locked Memory", title: "CWE-591", }, { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", ], }, references: [ { category: "self", summary: "CVE-2024-38137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38137.json", }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", ], }, ], title: "CVE-2024-38137", }, { cve: "CVE-2024-38147", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", ], }, references: [ { category: "self", summary: "CVE-2024-38147", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38147.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", ], }, ], title: "CVE-2024-38147", }, { cve: "CVE-2024-38148", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", ], }, references: [ { category: "self", summary: "CVE-2024-38148", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38148.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", ], }, ], title: "CVE-2024-38148", }, { cve: "CVE-2024-38150", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", ], }, references: [ { category: "self", summary: "CVE-2024-38150", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38150.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", ], }, ], title: "CVE-2024-38150", }, { cve: "CVE-2024-38135", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-168718", ], }, references: [ { category: "self", summary: "CVE-2024-38135", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38135.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-168718", ], }, ], title: "CVE-2024-38135", }, { cve: "CVE-2024-38165", cwe: { id: "CWE-73", name: "External Control of File Name or Path", }, notes: [ { category: "other", text: "External Control of File Name or Path", title: "CWE-73", }, ], product_status: { known_affected: [ "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38165", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38165.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38165", }, { cve: "CVE-2024-38159", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1502048", "CSAFPID-2417", "CSAFPID-2482", "CSAFPID-168719", ], }, references: [ { category: "self", summary: "CVE-2024-38159", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38159.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1502048", "CSAFPID-2417", "CSAFPID-2482", "CSAFPID-168719", ], }, ], title: "CVE-2024-38159", }, { cve: "CVE-2024-38160", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1502048", "CSAFPID-168719", ], }, references: [ { category: "self", summary: "CVE-2024-38160", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38160.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1502048", "CSAFPID-168719", ], }, ], title: "CVE-2024-38160", }, { cve: "CVE-2024-38123", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38123", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38123.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38123", }, ], }
ncsc-2024-0414
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:17
Modified
2024-10-17 13:17
Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van gegevens
- Uitvoer van willekeurige code (Gebruikersrechten)
- Uitvoer van willekeurige code (Administratorrechten)
- Toegang tot gevoelige gegevens
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-122
Heap-based Buffer Overflow
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-606
Unchecked Input for Loop Condition
CWE-390
Detection of Error Condition Without Action
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-222
Truncation of Security-relevant Information
CWE-364
Signal Handler Race Condition
CWE-450
Multiple Interpretations of UI Input
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-126
Buffer Over-read
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-755
Improper Handling of Exceptional Conditions
CWE-834
Excessive Iteration
CWE-407
Inefficient Algorithmic Complexity
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-427
Uncontrolled Search Path Element
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-195
Signed to Unsigned Conversion Error
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-116
Improper Encoding or Escaping of Output
CWE-345
Insufficient Verification of Data Authenticity
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-61
UNIX Symbolic Link (Symlink) Following
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416
Use After Free
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-476
NULL Pointer Dereference
CWE-459
Incomplete Cleanup
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-248
Uncaught Exception
CWE-674
Uncontrolled Recursion
CWE-918
Server-Side Request Forgery (SSRF)
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Signal Handler Race Condition", title: "CWE-364", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Buffer Over-read", title: "CWE-126", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2024-10-17T13:17:52.103171Z", id: "NCSC-2024-0414", initial_release_date: "2024-10-17T13:17:52.103171Z", revision_history: [ { date: "2024-10-17T13:17:52.103171Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670429", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670435", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670431", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670436", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670432", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670434", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670438", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635315", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674641", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670437", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications__10.4.0.4", product: { name: "communications__10.4.0.4", product_id: "CSAFPID-1674629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.2", product: { name: "communications___23.4.2", product_id: "CSAFPID-1670442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.3", product: { name: "communications___23.4.3", product_id: "CSAFPID-1635325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.4", product: { name: "communications___23.4.4", product_id: "CSAFPID-1635326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.5", product: { name: "communications___23.4.5", product_id: "CSAFPID-1674645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.6", product: { name: "communications___23.4.6", product_id: "CSAFPID-1674646", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___24.2.0", product: { name: "communications___24.2.0", product_id: "CSAFPID-1674644", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___7.2.1.0.0", product: { name: "communications___7.2.1.0.0", product_id: "CSAFPID-1670441", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.6", product: { name: "communications___8.6.0.6", product_id: "CSAFPID-1635327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.8", product: { name: "communications___8.6.0.8", product_id: "CSAFPID-1635328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.2", product: { name: "communications___9.0.2", product_id: "CSAFPID-1670440", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.3", product: { name: "communications___9.0.3", product_id: "CSAFPID-1635329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.1.1.8.0", product: { name: "communications___9.1.1.8.0", product_id: "CSAFPID-1674643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___12.0.6.0.0", product: { name: "communications_applications___12.0.6.0.0", product_id: "CSAFPID-1674627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___5.5.22", product: { name: "communications_applications___5.5.22", product_id: "CSAFPID-1674626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.3", product: { name: "communications_applications___6.0.3", product_id: "CSAFPID-1674628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.4", product: { name: "communications_applications___6.0.4", product_id: "CSAFPID-1674624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.5", product: { name: "communications_applications___6.0.5", product_id: "CSAFPID-1674625", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-204629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-1673475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-764735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1650734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-816793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-912557", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product: { name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product_id: "CSAFPID-219835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management__-_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-764247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-41194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1650820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-765241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-498607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-912556", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-764736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-220190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-391501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-440102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-89545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180215", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180197", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220057", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220055", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1503577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673416", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-2045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-40612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-608629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-93784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-41111", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1685", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-493445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-294401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220459", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45184", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45181", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611403", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1650752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1673396", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-912066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1503323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-165550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-93546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-180195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-40299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-187447", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45186", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45185", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220559", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-912085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1503578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-764825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-912068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-1503579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-180201", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-760687", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-40947", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-93635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-503534", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-90018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-94290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-614513", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-643776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-816772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-912076", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1503580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-2044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-180194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449747", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-223527", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449746", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-503493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-260394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-219838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-611387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-618156", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-816773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1673473", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0-24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1503581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912539", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912540", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912541", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912542", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912543", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40611", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40609", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-180198", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-760688", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-493444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-93633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220056", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-223511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-216017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220918", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614514", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816346", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912077", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1503322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-40608", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-180199", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-41113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816348", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-912545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816347", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-764240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220468", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-2310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180200", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90020", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90015", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220133", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1650751", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-912069", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-765371", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180216", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180202", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40949", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-642000", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-90021", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-218028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220910", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-611401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-816778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-614517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1503582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-40610", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-611587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-493443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642001", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1672767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180217", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180196", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-165576", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589926", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40948", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589925", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90019", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90016", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-220326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816349", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1673399", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-764737", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-224787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-220189", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764827", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-764734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-426842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-345031", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-204635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-764833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-224793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-816794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-342793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1650777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-764248", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-816350", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-1672764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_data_model", product: { name: "communications_data_model", product_id: "CSAFPID-764902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-765372", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-342799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-165544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704410", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-41183", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-342802", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-764829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1503588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1892", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1891", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1888", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1887", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1884", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1885", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1882", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1883", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1879", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1880", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-40293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-611413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912551", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-1673417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-765369", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-204528", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_ftp_table_base_retrieval", product: { name: "communications_eagle_ftp_table_base_retrieval", product_id: "CSAFPID-204623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765366", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765365", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_elastic_charging_engine", product: { name: "communications_elastic_charging_engine", product_id: "CSAFPID-764834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-764242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9226", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-8845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-2286", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204464", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-345038", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-611422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-816780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_evolved_communications_application_server", product: { name: "communications_evolved_communications_application_server", product_id: "CSAFPID-204645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-912553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-207586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-234306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-219803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-387664", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_interactive_session_recorder", product: { name: "communications_interactive_session_recorder", product_id: "CSAFPID-1893", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-204622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-219909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_lsms", product: { name: "communications_lsms", product_id: "CSAFPID-1673065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_lsms:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-764835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-375182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-816351", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-41182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-611595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-226017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-220167", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816353", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-764243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816352", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1673414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-342803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1650778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-764249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-816354", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-204563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-220125", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-245244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-219776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-204554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-765242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-9489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-110249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-93781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-220132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-912079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-219898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-221118", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-179774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-1673496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence", product: { name: "communications_performance_intelligence", product_id: "CSAFPID-1503591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center", product: { name: "communications_performance_intelligence_center", product_id: "CSAFPID-1673485", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center:prior_to_10.4.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765367", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765368", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-764830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-573035", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-45192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-611406", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-764738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-816355", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816358", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816357", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-912558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_services_gatekeeper", product: { name: "communications_services_gatekeeper", product_id: "CSAFPID-608630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503593", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1672762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503594", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-342804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-704413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-166028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2288", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2282", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2285", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2279", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-204634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-345039", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-611423", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-816791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-342805", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-704414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-166027", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2295", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2287", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2283", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2284", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2280", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2281", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-220414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-204607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-240600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673381", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1650731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673530", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-764901", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-614089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-764739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-8984", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-219826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-912073", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-110243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-205759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503596", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503598", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-76994", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-568240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-355340", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-912080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1673481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-912554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611408", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-703515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611407", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-204456", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2021-37137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2021-37137", }, { cve: "CVE-2022-2068", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2068.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2068", }, { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-704410", "CSAFPID-704411", "CSAFPID-704412", "CSAFPID-226017", "CSAFPID-179774", "CSAFPID-219898", "CSAFPID-219826", "CSAFPID-204569", "CSAFPID-204510", "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-220548", "CSAFPID-608629", "CSAFPID-93784", "CSAFPID-41111", "CSAFPID-1685", "CSAFPID-493445", "CSAFPID-294401", "CSAFPID-220547", "CSAFPID-764824", "CSAFPID-220459", "CSAFPID-764825", "CSAFPID-93635", "CSAFPID-503534", "CSAFPID-503493", "CSAFPID-493444", "CSAFPID-93633", "CSAFPID-260395", "CSAFPID-260393", "CSAFPID-220468", "CSAFPID-93636", "CSAFPID-93634", "CSAFPID-589926", "CSAFPID-179780", "CSAFPID-589925", "CSAFPID-179779", "CSAFPID-764826", "CSAFPID-764827", "CSAFPID-764828", "CSAFPID-764829", "CSAFPID-764830", "CSAFPID-220190", "CSAFPID-220189", "CSAFPID-764833", "CSAFPID-41183", "CSAFPID-764834", "CSAFPID-234306", "CSAFPID-764835", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-40949", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-204635", "CSAFPID-41182", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-1899", "CSAFPID-40299", "CSAFPID-1900", "CSAFPID-180194", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-110243", "CSAFPID-765241", "CSAFPID-209546", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180217", "CSAFPID-180196", "CSAFPID-40612", "CSAFPID-180201", "CSAFPID-180216", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-40608", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-2310", "CSAFPID-93547", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673065", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-23437", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23437.json", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-36760", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-36760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36760.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-2953", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2953.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", cwe: { id: "CWE-195", name: "Signed to Unsigned Conversion Error", }, notes: [ { category: "other", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, references: [ { category: "self", summary: "CVE-2023-3635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3635.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, ], title: "CVE-2023-3635", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-5685", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-6597", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-6816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6816.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-6816", }, { cve: "CVE-2023-38408", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-38408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-38408", }, { cve: "CVE-2023-43642", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, references: [ { category: "self", summary: "CVE-2023-43642", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43642.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, ], title: "CVE-2023-43642", }, { cve: "CVE-2023-46136", cwe: { id: "CWE-407", name: "Inefficient Algorithmic Complexity", }, notes: [ { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-46136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46136.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-2398", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-2398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-2398", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-5971", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-5971", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5971.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "other", text: "Signal Handler Race Condition", title: "CWE-364", }, ], product_status: { known_affected: [ "CSAFPID-1503595", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-6387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json", }, ], title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "other", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-25638", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json", }, ], scores: [ { cvss_v3: { baseScore: 8.9, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-29736", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-29736", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29736.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-30251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30251.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31080.json", }, ], title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31744", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31744.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-39689", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, references: [ { category: "self", summary: "CVE-2024-39689", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39689.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, ], title: "CVE-2024-39689", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-41817", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, references: [ { category: "self", summary: "CVE-2024-41817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, ], title: "CVE-2024-41817", }, { cve: "CVE-2024-43044", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-43044", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43044.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-45492", }, ], }
NCSC-2024-0414
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:17
Modified
2024-10-17 13:17
Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van gegevens
- Uitvoer van willekeurige code (Gebruikersrechten)
- Uitvoer van willekeurige code (Administratorrechten)
- Toegang tot gevoelige gegevens
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-122
Heap-based Buffer Overflow
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-606
Unchecked Input for Loop Condition
CWE-390
Detection of Error Condition Without Action
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-222
Truncation of Security-relevant Information
CWE-364
Signal Handler Race Condition
CWE-450
Multiple Interpretations of UI Input
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-126
Buffer Over-read
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-755
Improper Handling of Exceptional Conditions
CWE-834
Excessive Iteration
CWE-407
Inefficient Algorithmic Complexity
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-427
Uncontrolled Search Path Element
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-195
Signed to Unsigned Conversion Error
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-116
Improper Encoding or Escaping of Output
CWE-345
Insufficient Verification of Data Authenticity
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-61
UNIX Symbolic Link (Symlink) Following
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416
Use After Free
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-476
NULL Pointer Dereference
CWE-459
Incomplete Cleanup
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-248
Uncaught Exception
CWE-674
Uncontrolled Recursion
CWE-918
Server-Side Request Forgery (SSRF)
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Signal Handler Race Condition", title: "CWE-364", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Buffer Over-read", title: "CWE-126", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2024-10-17T13:17:52.103171Z", id: "NCSC-2024-0414", initial_release_date: "2024-10-17T13:17:52.103171Z", revision_history: [ { date: "2024-10-17T13:17:52.103171Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670429", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670435", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670431", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670436", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670432", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670434", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670438", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635315", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674641", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670437", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications__10.4.0.4", product: { name: "communications__10.4.0.4", product_id: "CSAFPID-1674629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.2", product: { name: "communications___23.4.2", product_id: "CSAFPID-1670442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.3", product: { name: "communications___23.4.3", product_id: "CSAFPID-1635325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.4", product: { name: "communications___23.4.4", product_id: "CSAFPID-1635326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.5", product: { name: "communications___23.4.5", product_id: "CSAFPID-1674645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.6", product: { name: "communications___23.4.6", product_id: "CSAFPID-1674646", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___24.2.0", product: { name: "communications___24.2.0", product_id: "CSAFPID-1674644", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___7.2.1.0.0", product: { name: "communications___7.2.1.0.0", product_id: "CSAFPID-1670441", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.6", product: { name: "communications___8.6.0.6", product_id: "CSAFPID-1635327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.8", product: { name: "communications___8.6.0.8", product_id: "CSAFPID-1635328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.2", product: { name: "communications___9.0.2", product_id: "CSAFPID-1670440", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.3", product: { name: "communications___9.0.3", product_id: "CSAFPID-1635329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.1.1.8.0", product: { name: "communications___9.1.1.8.0", product_id: "CSAFPID-1674643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___12.0.6.0.0", product: { name: "communications_applications___12.0.6.0.0", product_id: "CSAFPID-1674627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___5.5.22", product: { name: "communications_applications___5.5.22", product_id: "CSAFPID-1674626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.3", product: { name: "communications_applications___6.0.3", product_id: "CSAFPID-1674628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.4", product: { name: "communications_applications___6.0.4", product_id: "CSAFPID-1674624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.5", product: { name: "communications_applications___6.0.5", product_id: "CSAFPID-1674625", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-204629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-1673475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-764735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1650734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-816793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-912557", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product: { name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product_id: "CSAFPID-219835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management__-_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-764247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-41194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1650820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-765241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-498607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-912556", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-764736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-220190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-391501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-440102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-89545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180215", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180197", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220057", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220055", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1503577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673416", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-2045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-40612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-608629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-93784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-41111", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1685", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-493445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-294401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220459", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45184", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45181", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611403", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1650752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1673396", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-912066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1503323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-165550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-93546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-180195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-40299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-187447", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45186", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45185", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220559", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-912085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1503578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-764825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-912068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-1503579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-180201", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-760687", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-40947", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-93635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-503534", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-90018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-94290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-614513", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-643776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-816772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-912076", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1503580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-2044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-180194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449747", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-223527", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449746", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-503493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-260394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-219838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-611387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-618156", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-816773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1673473", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0-24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1503581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912539", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912540", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912541", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912542", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912543", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40611", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40609", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-180198", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-760688", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-493444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-93633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220056", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-223511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-216017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220918", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614514", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816346", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912077", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1503322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-40608", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-180199", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-41113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816348", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-912545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816347", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-764240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220468", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-2310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180200", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90020", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90015", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220133", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1650751", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-912069", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-765371", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180216", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180202", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40949", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-642000", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-90021", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-218028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220910", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-611401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-816778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-614517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1503582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-40610", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-611587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-493443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642001", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1672767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180217", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180196", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-165576", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589926", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40948", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589925", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90019", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90016", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-220326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816349", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1673399", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-764737", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-224787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-220189", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764827", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-764734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-426842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-345031", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-204635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-764833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-224793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-816794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-342793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1650777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-764248", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-816350", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-1672764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_data_model", product: { name: "communications_data_model", product_id: "CSAFPID-764902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-765372", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-342799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-165544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704410", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-41183", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-342802", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-764829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1503588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1892", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1891", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1888", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1887", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1884", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1885", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1882", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1883", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1879", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1880", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-40293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-611413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912551", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-1673417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-765369", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-204528", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_ftp_table_base_retrieval", product: { name: "communications_eagle_ftp_table_base_retrieval", product_id: "CSAFPID-204623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765366", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765365", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_elastic_charging_engine", product: { name: "communications_elastic_charging_engine", product_id: "CSAFPID-764834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-764242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9226", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-8845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-2286", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204464", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-345038", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-611422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-816780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_evolved_communications_application_server", product: { name: "communications_evolved_communications_application_server", product_id: "CSAFPID-204645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-912553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-207586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-234306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-219803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-387664", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_interactive_session_recorder", product: { name: "communications_interactive_session_recorder", product_id: "CSAFPID-1893", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-204622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-219909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_lsms", product: { name: "communications_lsms", product_id: "CSAFPID-1673065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_lsms:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-764835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-375182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-816351", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-41182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-611595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-226017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-220167", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816353", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-764243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816352", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1673414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-342803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1650778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-764249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-816354", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-204563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-220125", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-245244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-219776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-204554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-765242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-9489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-110249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-93781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-220132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-912079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-219898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-221118", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-179774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-1673496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence", product: { name: "communications_performance_intelligence", product_id: "CSAFPID-1503591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center", product: { name: "communications_performance_intelligence_center", product_id: "CSAFPID-1673485", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center:prior_to_10.4.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765367", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765368", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-764830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-573035", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-45192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-611406", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-764738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-816355", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816358", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816357", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-912558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_services_gatekeeper", product: { name: "communications_services_gatekeeper", product_id: "CSAFPID-608630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503593", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1672762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503594", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-342804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-704413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-166028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2288", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2282", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2285", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2279", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-204634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-345039", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-611423", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-816791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-342805", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-704414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-166027", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2295", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2287", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2283", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2284", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2280", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2281", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-220414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-204607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-240600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673381", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1650731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673530", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-764901", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-614089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-764739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-8984", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-219826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-912073", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-110243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-205759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503596", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503598", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-76994", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-568240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-355340", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-912080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1673481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-912554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611408", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-703515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611407", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-204456", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2021-37137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2021-37137", }, { cve: "CVE-2022-2068", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2068.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2068", }, { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-704410", "CSAFPID-704411", "CSAFPID-704412", "CSAFPID-226017", "CSAFPID-179774", "CSAFPID-219898", "CSAFPID-219826", "CSAFPID-204569", "CSAFPID-204510", "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-220548", "CSAFPID-608629", "CSAFPID-93784", "CSAFPID-41111", "CSAFPID-1685", "CSAFPID-493445", "CSAFPID-294401", "CSAFPID-220547", "CSAFPID-764824", "CSAFPID-220459", "CSAFPID-764825", "CSAFPID-93635", "CSAFPID-503534", "CSAFPID-503493", "CSAFPID-493444", "CSAFPID-93633", "CSAFPID-260395", "CSAFPID-260393", "CSAFPID-220468", "CSAFPID-93636", "CSAFPID-93634", "CSAFPID-589926", "CSAFPID-179780", "CSAFPID-589925", "CSAFPID-179779", "CSAFPID-764826", "CSAFPID-764827", "CSAFPID-764828", "CSAFPID-764829", "CSAFPID-764830", "CSAFPID-220190", "CSAFPID-220189", "CSAFPID-764833", "CSAFPID-41183", "CSAFPID-764834", "CSAFPID-234306", "CSAFPID-764835", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-40949", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-204635", "CSAFPID-41182", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-1899", "CSAFPID-40299", "CSAFPID-1900", "CSAFPID-180194", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-110243", "CSAFPID-765241", "CSAFPID-209546", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180217", "CSAFPID-180196", "CSAFPID-40612", "CSAFPID-180201", "CSAFPID-180216", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-40608", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-2310", "CSAFPID-93547", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673065", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-23437", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23437.json", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-36760", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-36760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36760.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-2953", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2953.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", cwe: { id: "CWE-195", name: "Signed to Unsigned Conversion Error", }, notes: [ { category: "other", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, references: [ { category: "self", summary: "CVE-2023-3635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3635.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, ], title: "CVE-2023-3635", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-5685", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-6597", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-6816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6816.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-6816", }, { cve: "CVE-2023-38408", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-38408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-38408", }, { cve: "CVE-2023-43642", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, references: [ { category: "self", summary: "CVE-2023-43642", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43642.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, ], title: "CVE-2023-43642", }, { cve: "CVE-2023-46136", cwe: { id: "CWE-407", name: "Inefficient Algorithmic Complexity", }, notes: [ { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-46136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46136.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-2398", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-2398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-2398", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-5971", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-5971", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5971.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "other", text: "Signal Handler Race Condition", title: "CWE-364", }, ], product_status: { known_affected: [ "CSAFPID-1503595", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-6387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json", }, ], title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "other", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-25638", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json", }, ], scores: [ { cvss_v3: { baseScore: 8.9, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-29736", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-29736", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29736.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-30251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30251.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31080.json", }, ], title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31744", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31744.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-39689", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, references: [ { category: "self", summary: "CVE-2024-39689", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39689.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, ], title: "CVE-2024-39689", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-41817", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, references: [ { category: "self", summary: "CVE-2024-41817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, ], title: "CVE-2024-41817", }, { cve: "CVE-2024-43044", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-43044", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43044.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-45492", }, ], }
ncsc-2024-0339
Vulnerability from csaf_ncscnl
Published
2024-08-13 18:23
Modified
2024-08-13 18:23
Summary
Kwetsbaarheden verholpen in Microsoft Mariner
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Microsoft heeft kwetsbaarheden verholpen in Mariner (Azure Linux).
Interpretaties
De kwetsbaarheden betreffen oudere kwetsbaarheden in diverse subcomponenten van de distro, zoals Python, Emacs, Qemu, Django, Curl, wget etc. welke in de nieuwe versie zijn verholpen.
Oplossingen
Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans
medium
Schade
high
CWE-115
Misinterpretation of Input
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-129
Improper Validation of Array Index
CWE-187
Partial String Comparison
CWE-190
Integer Overflow or Wraparound
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-193
Off-by-one Error
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-269
Improper Privilege Management
CWE-273
Improper Check for Dropped Privileges
CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE-295
Improper Certificate Validation
CWE-297
Improper Validation of Certificate with Host Mismatch
CWE-299
Improper Check for Certificate Revocation
CWE-319
Cleartext Transmission of Sensitive Information
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-369
Divide By Zero
CWE-371
CWE-371
CWE-400
Uncontrolled Resource Consumption
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-404
Improper Resource Shutdown or Release
CWE-416
Use After Free
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476
NULL Pointer Dereference
CWE-532
Insertion of Sensitive Information into Log File
CWE-667
Improper Locking
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-833
Deadlock
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-863
Incorrect Authorization
CWE-918
Server-Side Request Forgery (SSRF)
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Microsoft heeft kwetsbaarheden verholpen in Mariner (Azure Linux).", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden betreffen oudere kwetsbaarheden in diverse subcomponenten van de distro, zoals Python, Emacs, Qemu, Django, Curl, wget etc. welke in de nieuwe versie zijn verholpen.", title: "Interpretaties", }, { category: "description", text: "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Misinterpretation of Input", title: "CWE-115", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Validation of Array Index", title: "CWE-129", }, { category: "general", text: "Partial String Comparison", title: "CWE-187", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, { category: "general", text: "Off-by-one Error", title: "CWE-193", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Check for Dropped Privileges", title: "CWE-273", }, { category: "general", text: "Improper Handling of Insufficient Permissions or Privileges ", title: "CWE-280", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Improper Validation of Certificate with Host Mismatch", title: "CWE-297", }, { category: "general", text: "Improper Check for Certificate Revocation", title: "CWE-299", }, { category: "general", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Divide By Zero", title: "CWE-369", }, { category: "general", text: "CWE-371", title: "CWE-371", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "Improper Locking", title: "CWE-667", }, { category: "general", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Deadlock", title: "CWE-833", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Incorrect Authorization", title: "CWE-863", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", title: "CWE-95", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, title: "Kwetsbaarheden verholpen in Microsoft Mariner", tracking: { current_release_date: "2024-08-13T18:23:22.271316Z", id: "NCSC-2024-0339", initial_release_date: "2024-08-13T18:23:22.271316Z", revision_history: [ { date: "2024-08-13T18:23:22.271316Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "cbl-mariner", product: { name: "cbl-mariner", product_id: "CSAFPID-1489521", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "microsoft", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], references: [ { category: "self", summary: "CVE-2022-3775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3775.json", }, ], title: "CVE-2022-3775", }, { cve: "CVE-2022-36648", references: [ { category: "self", summary: "CVE-2022-36648", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36648.json", }, ], title: "CVE-2022-36648", }, { cve: "CVE-2019-3833", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], references: [ { category: "self", summary: "CVE-2019-3833", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-3833.json", }, ], title: "CVE-2019-3833", }, { cve: "CVE-2021-3929", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2021-3929", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-3929.json", }, ], title: "CVE-2021-3929", }, { cve: "CVE-2021-4158", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2021-4158", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4158.json", }, ], title: "CVE-2021-4158", }, { cve: "CVE-2021-4206", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], references: [ { category: "self", summary: "CVE-2021-4206", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4206.json", }, ], title: "CVE-2021-4206", }, { cve: "CVE-2021-4207", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], references: [ { category: "self", summary: "CVE-2021-4207", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4207.json", }, ], title: "CVE-2021-4207", }, { cve: "CVE-2022-26353", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, ], references: [ { category: "self", summary: "CVE-2022-26353", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26353.json", }, ], title: "CVE-2022-26353", }, { cve: "CVE-2022-35414", references: [ { category: "self", summary: "CVE-2022-35414", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-35414.json", }, ], title: "CVE-2022-35414", }, { cve: "CVE-2023-3354", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2023-3354", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3354.json", }, ], title: "CVE-2023-3354", }, { cve: "CVE-2022-3872", cwe: { id: "CWE-193", name: "Off-by-one Error", }, notes: [ { category: "other", text: "Off-by-one Error", title: "CWE-193", }, ], references: [ { category: "self", summary: "CVE-2022-3872", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3872.json", }, ], title: "CVE-2022-3872", }, { cve: "CVE-2022-4144", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2022-4144", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-4144.json", }, ], title: "CVE-2022-4144", }, { cve: "CVE-2023-45288", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-45288", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45288.json", }, ], title: "CVE-2023-45288", }, { cve: "CVE-2023-29404", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], references: [ { category: "self", summary: "CVE-2023-29404", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29404.json", }, ], title: "CVE-2023-29404", }, { cve: "CVE-2023-29402", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], references: [ { category: "self", summary: "CVE-2023-29402", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29402.json", }, ], title: "CVE-2023-29402", }, { cve: "CVE-2019-3816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], references: [ { category: "self", summary: "CVE-2019-3816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-3816.json", }, ], title: "CVE-2019-3816", }, { cve: "CVE-2021-3750", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2021-3750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-3750.json", }, ], title: "CVE-2021-3750", }, { cve: "CVE-2022-0358", cwe: { id: "CWE-273", name: "Improper Check for Dropped Privileges", }, notes: [ { category: "other", text: "Improper Check for Dropped Privileges", title: "CWE-273", }, ], references: [ { category: "self", summary: "CVE-2022-0358", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-0358.json", }, ], title: "CVE-2022-0358", }, { cve: "CVE-2022-26354", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, ], references: [ { category: "self", summary: "CVE-2022-26354", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26354.json", }, ], title: "CVE-2022-26354", }, { cve: "CVE-2022-3165", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, ], references: [ { category: "self", summary: "CVE-2022-3165", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3165.json", }, ], title: "CVE-2022-3165", }, { cve: "CVE-2022-2962", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2022-2962", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2962.json", }, ], title: "CVE-2022-2962", }, { cve: "CVE-2022-41722", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], references: [ { category: "self", summary: "CVE-2022-41722", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41722.json", }, ], title: "CVE-2022-41722", }, { cve: "CVE-2022-29526", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, notes: [ { category: "other", text: "Improper Handling of Insufficient Permissions or Privileges ", title: "CWE-280", }, { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], references: [ { category: "self", summary: "CVE-2022-29526", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-29526.json", }, ], title: "CVE-2022-29526", }, { cve: "CVE-2007-4559", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], references: [ { category: "self", summary: "CVE-2007-4559", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2007/CVE-2007-4559.json", }, ], title: "CVE-2007-4559", }, { cve: "CVE-2019-9674", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2019-9674", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-9674.json", }, ], title: "CVE-2019-9674", }, { cve: "CVE-2017-18207", references: [ { category: "self", summary: "CVE-2017-18207", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-18207.json", }, ], title: "CVE-2017-18207", }, { cve: "CVE-2019-20907", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], references: [ { category: "self", summary: "CVE-2019-20907", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-20907.json", }, ], title: "CVE-2019-20907", }, { cve: "CVE-2021-23336", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], references: [ { category: "self", summary: "CVE-2021-23336", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23336.json", }, ], title: "CVE-2021-23336", }, { cve: "CVE-2017-17522", references: [ { category: "self", summary: "CVE-2017-17522", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-17522.json", }, ], title: "CVE-2017-17522", }, { cve: "CVE-2024-6655", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], references: [ { category: "self", summary: "CVE-2024-6655", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6655.json", }, ], title: "CVE-2024-6655", }, { cve: "CVE-2024-2466", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Improper Validation of Certificate with Host Mismatch", title: "CWE-297", }, ], references: [ { category: "self", summary: "CVE-2024-2466", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2466.json", }, ], title: "CVE-2024-2466", }, { cve: "CVE-2024-39331", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", title: "CWE-95", }, ], references: [ { category: "self", summary: "CVE-2024-39331", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39331.json", }, ], title: "CVE-2024-39331", }, { cve: "CVE-2021-43565", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2021-43565", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-43565.json", }, ], title: "CVE-2021-43565", }, { cve: "CVE-2024-39277", cwe: { id: "CWE-129", name: "Improper Validation of Array Index", }, notes: [ { category: "other", text: "Improper Validation of Array Index", title: "CWE-129", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-39277", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39277.json", }, ], title: "CVE-2024-39277", }, { cve: "CVE-2024-38780", cwe: { id: "CWE-371", name: "-", }, notes: [ { category: "other", text: "CWE-371", title: "CWE-371", }, { category: "other", text: "Improper Locking", title: "CWE-667", }, ], references: [ { category: "self", summary: "CVE-2024-38780", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38780.json", }, ], title: "CVE-2024-38780", }, { cve: "CVE-2024-39292", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2024-39292", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39292.json", }, ], title: "CVE-2024-39292", }, { cve: "CVE-2024-39482", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-39482", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39482.json", }, ], title: "CVE-2024-39482", }, { cve: "CVE-2024-39484", references: [ { category: "self", summary: "CVE-2024-39484", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39484.json", }, ], title: "CVE-2024-39484", }, { cve: "CVE-2024-39495", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2024-39495", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39495.json", }, ], title: "CVE-2024-39495", }, { cve: "CVE-2024-40902", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, ], references: [ { category: "self", summary: "CVE-2024-40902", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40902.json", }, ], title: "CVE-2024-40902", }, { cve: "CVE-2024-41110", cwe: { id: "CWE-187", name: "Partial String Comparison", }, notes: [ { category: "other", text: "Partial String Comparison", title: "CWE-187", }, { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, ], references: [ { category: "self", summary: "CVE-2024-41110", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41110.json", }, ], title: "CVE-2024-41110", }, { cve: "CVE-2024-37298", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-37298", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37298.json", }, ], title: "CVE-2024-37298", }, { cve: "CVE-2024-0397", references: [ { category: "self", summary: "CVE-2024-0397", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0397.json", }, ], title: "CVE-2024-0397", }, { cve: "CVE-2024-38571", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-38571", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38571.json", }, ], title: "CVE-2024-38571", }, { cve: "CVE-2024-42077", references: [ { category: "self", summary: "CVE-2024-42077", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42077.json", }, ], title: "CVE-2024-42077", }, { cve: "CVE-2024-39473", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-39473", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39473.json", }, ], title: "CVE-2024-39473", }, { cve: "CVE-2024-26900", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-26900", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26900.json", }, ], title: "CVE-2024-26900", }, { cve: "CVE-2024-39474", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-39474", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39474.json", }, ], title: "CVE-2024-39474", }, { cve: "CVE-2024-42073", references: [ { category: "self", summary: "CVE-2024-42073", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42073.json", }, ], title: "CVE-2024-42073", }, { cve: "CVE-2024-42074", references: [ { category: "self", summary: "CVE-2024-42074", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42074.json", }, ], title: "CVE-2024-42074", }, { cve: "CVE-2024-42075", references: [ { category: "self", summary: "CVE-2024-42075", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42075.json", }, ], title: "CVE-2024-42075", }, { cve: "CVE-2024-42078", references: [ { category: "self", summary: "CVE-2024-42078", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42078.json", }, ], title: "CVE-2024-42078", }, { cve: "CVE-2024-0853", cwe: { id: "CWE-299", name: "Improper Check for Certificate Revocation", }, notes: [ { category: "other", text: "Improper Check for Certificate Revocation", title: "CWE-299", }, ], references: [ { category: "self", summary: "CVE-2024-0853", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0853.json", }, ], title: "CVE-2024-0853", }, { cve: "CVE-2024-2004", cwe: { id: "CWE-319", name: "Cleartext Transmission of Sensitive Information", }, notes: [ { category: "other", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, { category: "other", text: "Misinterpretation of Input", title: "CWE-115", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-2004", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2004.json", }, ], title: "CVE-2024-2004", }, { cve: "CVE-2024-2398", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-2398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json", }, ], title: "CVE-2024-2398", }, { cve: "CVE-2024-38662", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-38662", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38662.json", }, ], title: "CVE-2024-38662", }, { cve: "CVE-2024-36288", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], references: [ { category: "self", summary: "CVE-2024-36288", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36288.json", }, ], title: "CVE-2024-36288", }, { cve: "CVE-2024-39480", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, ], references: [ { category: "self", summary: "CVE-2024-39480", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39480.json", }, ], title: "CVE-2024-39480", }, { cve: "CVE-2024-39476", cwe: { id: "CWE-833", name: "Deadlock", }, notes: [ { category: "other", text: "Deadlock", title: "CWE-833", }, ], references: [ { category: "self", summary: "CVE-2024-39476", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39476.json", }, ], title: "CVE-2024-39476", }, { cve: "CVE-2024-39475", cwe: { id: "CWE-369", name: "Divide By Zero", }, notes: [ { category: "other", text: "Divide By Zero", title: "CWE-369", }, ], references: [ { category: "self", summary: "CVE-2024-39475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39475.json", }, ], title: "CVE-2024-39475", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-26461", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-26461", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26461.json", }, ], title: "CVE-2024-26461", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-6104", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], references: [ { category: "self", summary: "CVE-2024-6104", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6104.json", }, ], title: "CVE-2024-6104", }, { cve: "CVE-2024-6257", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], references: [ { category: "self", summary: "CVE-2024-6257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6257.json", }, ], title: "CVE-2024-6257", }, { cve: "CVE-2024-23722", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-23722", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23722.json", }, ], title: "CVE-2024-23722", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-38583", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2024-38583", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38583.json", }, ], title: "CVE-2024-38583", }, { cve: "CVE-2024-39493", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-39493", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39493.json", }, ], title: "CVE-2024-39493", }, { cve: "CVE-2024-42068", references: [ { category: "self", summary: "CVE-2024-42068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42068.json", }, ], title: "CVE-2024-42068", }, { cve: "CVE-2024-39489", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-39489", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39489.json", }, ], title: "CVE-2024-39489", }, { cve: "CVE-2024-42070", references: [ { category: "self", summary: "CVE-2024-42070", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42070.json", }, ], title: "CVE-2024-42070", }, { cve: "CVE-2024-42076", references: [ { category: "self", summary: "CVE-2024-42076", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42076.json", }, ], title: "CVE-2024-42076", }, { cve: "CVE-2024-42080", references: [ { category: "self", summary: "CVE-2024-42080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42080.json", }, ], title: "CVE-2024-42080", }, { cve: "CVE-2024-38428", cwe: { id: "CWE-115", name: "Misinterpretation of Input", }, notes: [ { category: "other", text: "Misinterpretation of Input", title: "CWE-115", }, ], references: [ { category: "self", summary: "CVE-2024-38428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38428.json", }, ], title: "CVE-2024-38428", }, { cve: "CVE-2024-42082", references: [ { category: "self", summary: "CVE-2024-42082", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42082.json", }, ], title: "CVE-2024-42082", }, { cve: "CVE-2022-48788", references: [ { category: "self", summary: "CVE-2022-48788", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48788.json", }, ], title: "CVE-2022-48788", }, { cve: "CVE-2023-52340", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-52340", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52340.json", }, ], title: "CVE-2023-52340", }, { cve: "CVE-2022-48841", references: [ { category: "self", summary: "CVE-2022-48841", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48841.json", }, ], title: "CVE-2022-48841", }, { cve: "CVE-2024-39485", references: [ { category: "self", summary: "CVE-2024-39485", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39485.json", }, ], title: "CVE-2024-39485", }, { cve: "CVE-2024-39483", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, ], references: [ { category: "self", summary: "CVE-2024-39483", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39483.json", }, ], title: "CVE-2024-39483", }, { cve: "CVE-2024-42071", references: [ { category: "self", summary: "CVE-2024-42071", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42071.json", }, ], title: "CVE-2024-42071", }, { cve: "CVE-2024-42072", references: [ { category: "self", summary: "CVE-2024-42072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42072.json", }, ], title: "CVE-2024-42072", }, { cve: "CVE-2024-42237", references: [ { category: "self", summary: "CVE-2024-42237", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42237.json", }, ], title: "CVE-2024-42237", }, { cve: "CVE-2024-42083", references: [ { category: "self", summary: "CVE-2024-42083", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42083.json", }, ], title: "CVE-2024-42083", }, ], }
NCSC-2024-0334
Vulnerability from csaf_ncscnl
Published
2024-08-13 18:19
Modified
2024-08-27 07:59
Summary
Kwetsbaarheden verholpen in Microsoft Windows
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Microsoft heeft kwetsbaarheden verholpen in Windows.
Interpretaties
Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service
- Omzeilen van beveiligingsmaatregel
- Manipuleren van gegevens
- Verkrijgen van verhoogde rechten
- Spoofing
- Uitvoeren van willekeurige code (root/administrator rechten)
- Uitvoeren van willekeurige code (Gebruikersrechten)
- Toegang tot systeemgegevens
Van de kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107, CVE-2024-38178 en CVE-2024-38193 geeft Microsoft aan informatie te hebben dat deze actief zijn misbruikt.
De kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107 en CVE-2024-38193 bevinden zich respectievelijk in de Kernel, de Power Dependency Coördinator en de Ancillary Function Driver for WinSock en stellen een lokale, geauthenticeerde kwaadwillende in staat om zich verhoogde rechten toe te kennen en code uit te voeren met SYSTEM rechten.
De kwetsbaarheid met kenmerk CVE-2024-38178 bevindt zich in de Scripting Engine en stelt een kwaadwillende in staat om willekeurige code uit te voeren met rechten van het slachtoffer. Succesvol misbruik vereist wel dat de kwaadwillende het slachtoffer misleidt om de Edge browser in 'Internet Explorer mode' laat draaien.
Van de genoemde kwetsbaarheden is geen publieke Proof-of-Concept-code of exploit beschikbaar. Het vermoeden van het NCSC is echter dat deze wel op korte termijn publiek beschikbaar zal komen. Grootschalig actief misbruik is minder waarschijnlijk, vanwege de beperkende voorwaarden van misbruik.
De ernstigste kwetsbaarheid heeft kenmerk CVE-2024-38063 toegewezen gekregen en bevindt zich in de wijze waarop Windows het IPv6 Protocol verwerkt. Een kwaadwillende kan zonder voorafgaande authenticatie op afstand willekeurige code uitvoeren op het kwetsbare systeem door het herhaaldelijk verzenden van speciaal geprepareerde IPv6 packets. IPv6 is standaard actief. Onderzoekers hebben Proof-of-Concept-code (PoC) gepubliceerd waarmee de kwetsbaarheid kan worden aangetoond. De PoC code vereist dat het doelwit onder controle is van de onderzoeker en veroorzaakt op dit moment hooguit een memory corruption wat resulteert in een crash van het systeem. Uitvoer van willekeurige code wordt niet bereikt. De kans op grootschalig misbruik wordt hiermee groter, maar door de beperkende voorwaarde om de PoC werkend te krijgen is deze PoC niet zondermeer grootschalig op internet in te zetten. Microsoft is niet op de hoogte dat de kwetsbaarheid actief wordt misbruikt. Microsoft adviseert om als mitigerende maatregel IPv6 uit te schakelen indien dit niet strikt noodzakelijk is.
De kwetsbaarheden met kenmerk CVE-2024-21302 en CVE-2024-38202 zijn op de laatste BlackHat Conference gepubliceerd door de onderzoeker die ze ontdekt heeft. Deze kwetsbaarheden worden in de gegevens van deze maandelijkse update wel genoemd, maar in deze update worden ze niet verholpen.
Microsoft geeft aan nog aan een oplossing te werken en heeft wel mitigerende maatregelen gepubliceerd, om de dreiging van misbruik zo goed als mogelijk te beperken. Zie hiervoor de referenties naar de specifieke kwetsbaarheid.
De kwetsbaarheden stellen een kwaadwillende in staat om een roll-back uit te voeren van geïnstalleerde updates en zo het systeem weer kwetsbaar te maken voor oudere kwetsbaarheden, zonder dat dit ontdekt kan worden door het systeem. Voor het slachtoffer blijft het systeem voldoen aan de laatste beveiligingsupdates.
Succesvol misbruik is niet eenvoudig en vereist dat de kwaadwillende over verhoogde rechten beschikt op het kwetsbare systeem. Actief misbruik zal dus vermoedelijk een volgende stap in een keten zijn door een kwaadwillende die op andere wijze toegang heeft gekregen tot het kwetsbare systeem en deze kwetsbaarheden gebruikt om permanente toegang te garanderen.
```
Windows Mark of the Web (MOTW):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38213 | 6.50 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows Compressed Folder:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38165 | 6.50 | Manipuleren van gegevens |
|----------------|------|-------------------------------------|
Windows Update Stack:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38163 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38202 | 7.30 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Microsoft Windows DNS:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-37968 | 7.50 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
Windows Mobile Broadband:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38161 | 6.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Ancillary Function Driver for WinSock:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38193 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38141 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows IP Routing Management Snapin:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38114 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38115 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38116 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Kernel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38106 | 7.00 | Verkrijgen van verhoogde rechten |
| CVE-2024-38127 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38133 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38151 | 5.50 | Toegang tot gevoelige gegevens |
| CVE-2024-38153 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Secure Boot:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2022-2601 | 8.60 | Omzeilen van beveiligingsmaatregel |
| CVE-2023-40547 | 8.30 | Omzeilen van beveiligingsmaatregel |
| CVE-2022-3775 | 7.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Kernel-Mode Drivers:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38184 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38191 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38185 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38186 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38187 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Print Spooler Components:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38198 | 7.50 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Power Dependency Coordinator:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38107 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows SmartScreen:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38180 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Initial Machine Configuration:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38223 | 6.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Line Printer Daemon Service (LPD):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38199 | 9.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Streaming Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38125 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38134 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38144 | 8.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Kerberos:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-29995 | 8.10 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Security Center:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38155 | 5.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows Scripting:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38178 | 7.50 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Local Security Authority Server (lsasrv):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38118 | 5.50 | Toegang tot gevoelige gegevens |
| CVE-2024-38122 | 5.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows NTFS:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38117 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Routing and Remote Access Service (RRAS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38121 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38128 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38130 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38154 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38120 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2024-38214 | 6.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows WLAN Auto Config Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38143 | 4.20 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows NT OS Kernel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38135 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Network Address Translation (NAT):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38126 | 7.50 | Denial-of-Service |
| CVE-2024-38132 | 7.50 | Denial-of-Service |
|----------------|------|-------------------------------------|
Windows Resource Manager:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38136 | 7.00 | Verkrijgen van verhoogde rechten |
| CVE-2024-38137 | 7.00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Common Log File System Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38196 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Transport Security Layer (TLS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38148 | 7.50 | Denial-of-Service |
|----------------|------|-------------------------------------|
Windows Secure Kernel Mode:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-21302 | 6.70 | Verkrijgen van verhoogde rechten |
| CVE-2024-38142 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Reliable Multicast Transport Driver (RMCAST):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38140 | 9.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Bluetooth Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38123 | 4.40 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows TCP/IP:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38063 | 9.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Cloud Files Mini Filter Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38215 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows DWM Core Library:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38147 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2024-38150 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Clipboard Virtual Channel Extension:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38131 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Network Virtualization:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38159 | 9.10 | Uitvoeren van willekeurige code |
| CVE-2024-38160 | 9.10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Deployment Services:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38138 | 7.50 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft WDAC OLE DB provider for SQL:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38152 | 7.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Layer-2 Bridge Network Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2024-38145 | 7.50 | Denial-of-Service |
| CVE-2024-38146 | 7.50 | Denial-of-Service |
|----------------|------|-------------------------------------|
```
Oplossingen
Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. Ook zijn mitigerende maatregelen gepubliceerd om de kans op misbruik te beperken voor die kwetsbaarheden waarvoor (nog) geen update beschikbaar is. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans
medium
Schade
high
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-126
Buffer Over-read
CWE-138
Improper Neutralization of Special Elements
CWE-190
Integer Overflow or Wraparound
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-197
Numeric Truncation Error
CWE-20
Improper Input Validation
CWE-208
Observable Timing Discrepancy
CWE-284
Improper Access Control
CWE-306
Missing Authentication for Critical Function
CWE-345
Insufficient Verification of Data Authenticity
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE-693
Protection Mechanism Failure
CWE-73
External Control of File Name or Path
CWE-787
Out-of-bounds Write
CWE-822
Untrusted Pointer Dereference
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-908
Use of Uninitialized Resource
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Microsoft heeft kwetsbaarheden verholpen in Windows.", title: "Feiten", }, { category: "description", text: "Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service\n- Omzeilen van beveiligingsmaatregel\n- Manipuleren van gegevens\n- Verkrijgen van verhoogde rechten\n- Spoofing\n- Uitvoeren van willekeurige code (root/administrator rechten)\n- Uitvoeren van willekeurige code (Gebruikersrechten)\n- Toegang tot systeemgegevens\n\nVan de kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107, CVE-2024-38178 en CVE-2024-38193 geeft Microsoft aan informatie te hebben dat deze actief zijn misbruikt.\n\nDe kwetsbaarheden met kenmerk CVE-2024-38106, CVE-2024-38107 en CVE-2024-38193 bevinden zich respectievelijk in de Kernel, de Power Dependency Coördinator en de Ancillary Function Driver for WinSock en stellen een lokale, geauthenticeerde kwaadwillende in staat om zich verhoogde rechten toe te kennen en code uit te voeren met SYSTEM rechten.\n\nDe kwetsbaarheid met kenmerk CVE-2024-38178 bevindt zich in de Scripting Engine en stelt een kwaadwillende in staat om willekeurige code uit te voeren met rechten van het slachtoffer. Succesvol misbruik vereist wel dat de kwaadwillende het slachtoffer misleidt om de Edge browser in 'Internet Explorer mode' laat draaien.\nVan de genoemde kwetsbaarheden is geen publieke Proof-of-Concept-code of exploit beschikbaar. Het vermoeden van het NCSC is echter dat deze wel op korte termijn publiek beschikbaar zal komen. Grootschalig actief misbruik is minder waarschijnlijk, vanwege de beperkende voorwaarden van misbruik.\n\nDe ernstigste kwetsbaarheid heeft kenmerk CVE-2024-38063 toegewezen gekregen en bevindt zich in de wijze waarop Windows het IPv6 Protocol verwerkt. Een kwaadwillende kan zonder voorafgaande authenticatie op afstand willekeurige code uitvoeren op het kwetsbare systeem door het herhaaldelijk verzenden van speciaal geprepareerde IPv6 packets. IPv6 is standaard actief. Onderzoekers hebben Proof-of-Concept-code (PoC) gepubliceerd waarmee de kwetsbaarheid kan worden aangetoond. De PoC code vereist dat het doelwit onder controle is van de onderzoeker en veroorzaakt op dit moment hooguit een memory corruption wat resulteert in een crash van het systeem. Uitvoer van willekeurige code wordt niet bereikt. De kans op grootschalig misbruik wordt hiermee groter, maar door de beperkende voorwaarde om de PoC werkend te krijgen is deze PoC niet zondermeer grootschalig op internet in te zetten. Microsoft is niet op de hoogte dat de kwetsbaarheid actief wordt misbruikt. Microsoft adviseert om als mitigerende maatregel IPv6 uit te schakelen indien dit niet strikt noodzakelijk is.\n\nDe kwetsbaarheden met kenmerk CVE-2024-21302 en CVE-2024-38202 zijn op de laatste BlackHat Conference gepubliceerd door de onderzoeker die ze ontdekt heeft. Deze kwetsbaarheden worden in de gegevens van deze maandelijkse update wel genoemd, maar in deze update worden ze niet verholpen.\nMicrosoft geeft aan nog aan een oplossing te werken en heeft wel mitigerende maatregelen gepubliceerd, om de dreiging van misbruik zo goed als mogelijk te beperken. Zie hiervoor de referenties naar de specifieke kwetsbaarheid.\n\nDe kwetsbaarheden stellen een kwaadwillende in staat om een roll-back uit te voeren van geïnstalleerde updates en zo het systeem weer kwetsbaar te maken voor oudere kwetsbaarheden, zonder dat dit ontdekt kan worden door het systeem. Voor het slachtoffer blijft het systeem voldoen aan de laatste beveiligingsupdates.\nSuccesvol misbruik is niet eenvoudig en vereist dat de kwaadwillende over verhoogde rechten beschikt op het kwetsbare systeem. Actief misbruik zal dus vermoedelijk een volgende stap in een keten zijn door een kwaadwillende die op andere wijze toegang heeft gekregen tot het kwetsbare systeem en deze kwetsbaarheden gebruikt om permanente toegang te garanderen.\n\n\n```\nWindows Mark of the Web (MOTW): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38213 | 6.50 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Compressed Folder: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38165 | 6.50 | Manipuleren van gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Update Stack: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38163 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38202 | 7.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-37968 | 7.50 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nWindows Mobile Broadband: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38161 | 6.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38193 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38141 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows IP Routing Management Snapin: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38114 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38115 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38116 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38106 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38127 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38133 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38151 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2024-38153 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2022-2601 | 8.60 | Omzeilen van beveiligingsmaatregel | \n| CVE-2023-40547 | 8.30 | Omzeilen van beveiligingsmaatregel | \n| CVE-2022-3775 | 7.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38184 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38191 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38185 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38186 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38187 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38198 | 7.50 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Power Dependency Coordinator: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38107 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SmartScreen: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38180 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Initial Machine Configuration: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38223 | 6.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nLine Printer Daemon Service (LPD): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38199 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Streaming Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38125 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38134 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38144 | 8.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-29995 | 8.10 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Security Center: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38155 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Scripting: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38178 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Local Security Authority Server (lsasrv): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38118 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2024-38122 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38117 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Routing and Remote Access Service (RRAS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38121 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38128 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38130 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38154 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38120 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2024-38214 | 6.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows WLAN Auto Config Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38143 | 4.20 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows NT OS Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38135 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Network Address Translation (NAT): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38126 | 7.50 | Denial-of-Service | \n| CVE-2024-38132 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Resource Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38136 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38137 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38196 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Transport Security Layer (TLS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38148 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Secure Kernel Mode: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-21302 | 6.70 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38142 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nReliable Multicast Transport Driver (RMCAST): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38140 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Bluetooth Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38123 | 4.40 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38063 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38215 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38147 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2024-38150 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Clipboard Virtual Channel Extension: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38131 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Network Virtualization: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38159 | 9.10 | Uitvoeren van willekeurige code | \n| CVE-2024-38160 | 9.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Deployment Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38138 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft WDAC OLE DB provider for SQL: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38152 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Layer-2 Bridge Network Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2024-38145 | 7.50 | Denial-of-Service | \n| CVE-2024-38146 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n```", title: "Interpretaties", }, { category: "description", text: "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. Ook zijn mitigerende maatregelen gepubliceerd om de kans op misbruik te beperken voor die kwetsbaarheden waarvoor (nog) geen update beschikbaar is. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Buffer Over-read", title: "CWE-126", }, { category: "general", text: "Improper Neutralization of Special Elements", title: "CWE-138", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, { category: "general", text: "Numeric Truncation Error", title: "CWE-197", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Sensitive Data Storage in Improperly Locked Memory", title: "CWE-591", }, { category: "general", text: "Protection Mechanism Failure", title: "CWE-693", }, { category: "general", text: "External Control of File Name or Path", title: "CWE-73", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Untrusted Pointer Dereference", title: "CWE-822", }, { category: "general", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, { category: "general", text: "Use of Uninitialized Resource", title: "CWE-908", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - certbundde; cveprojectv5; hkcert; nvd", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302", }, { category: "external", summary: "Reference - cveprojectv5; nvd", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063", }, { category: "external", summary: "Reference - certbundde; cveprojectv5; hkcert; nvd", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202", }, ], title: "Kwetsbaarheden verholpen in Microsoft Windows", tracking: { current_release_date: "2024-08-27T07:59:08.391850Z", id: "NCSC-2024-0334", initial_release_date: "2024-08-13T18:19:27.728322Z", revision_history: [ { date: "2024-08-13T18:19:27.728322Z", number: "0", summary: "Initiele versie", }, { date: "2024-08-27T07:59:08.391850Z", number: "1", summary: "Er is Proof-of-Concept-code (PoC) verschenen voor de kwetsbaarheid met kenmerk CVE-2024-38063", }, ], status: "final", version: "1.0.1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "remote_desktop_client_for_windows_desktop", product: { name: "remote_desktop_client_for_windows_desktop", product_id: "CSAFPID-1455711", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:remote_desktop_client_for_windows_desktop:1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1507", product: { name: "windows_10_version_1507", product_id: "CSAFPID-1453769", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1507:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1507", product: { name: "windows_10_version_1507", product_id: "CSAFPID-1574686", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1507:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1607", product: { name: "windows_10_version_1607", product_id: "CSAFPID-1453770", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1607:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1607", product: { name: "windows_10_version_1607", product_id: "CSAFPID-1574687", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1607:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1809", product: { name: "windows_10_version_1809", product_id: "CSAFPID-1453758", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1809:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_1809", product: { name: "windows_10_version_1809", product_id: "CSAFPID-1455810", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_1809:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_21h2", product: { name: "windows_10_version_21h2", product_id: "CSAFPID-1453800", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_21h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_21h2", product: { name: "windows_10_version_21h2", product_id: "CSAFPID-1610391", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_21h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_22h2", product: { name: "windows_10_version_22h2", product_id: "CSAFPID-1453802", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_22h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_version_22h2", product: { name: "windows_10_version_22h2", product_id: "CSAFPID-1610393", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_10_version_22h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_21h2", product: { name: "windows_11_version_21h2", product_id: "CSAFPID-1453799", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_21h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_21h2", product: { name: "windows_11_version_21h2", product_id: "CSAFPID-1610390", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_21h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_22h2", product: { name: "windows_11_version_22h2", product_id: "CSAFPID-1453801", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_22h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_22h2", product: { name: "windows_11_version_22h2", product_id: "CSAFPID-1610392", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_22h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_22h3", product: { name: "windows_11_version_22h3", product_id: "CSAFPID-1453803", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_22h3:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_22h3", product: { name: "windows_11_version_22h3", product_id: "CSAFPID-1610394", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_22h3:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_23h2", product: { name: "windows_11_version_23h2", product_id: "CSAFPID-1453804", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_23h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_23h2", product: { name: "windows_11_version_23h2", product_id: "CSAFPID-1610395", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_23h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_24h2", product: { name: "windows_11_version_24h2", product_id: "CSAFPID-1615902", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_24h2:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11_version_24h2", product: { name: "windows_11_version_24h2", product_id: "CSAFPID-1610396", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_11_version_24h2:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008__service_pack_2", product: { name: "windows_server_2008__service_pack_2", product_id: "CSAFPID-1453778", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008__service_pack_2:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008_r2_service_pack_1__server_core_installation_", product: { name: "windows_server_2008_r2_service_pack_1__server_core_installation_", product_id: "CSAFPID-1453780", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008_r2_service_pack_1__server_core_installation_:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008_r2_service_pack_1", product: { name: "windows_server_2008_r2_service_pack_1", product_id: "CSAFPID-1453779", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008_r2_service_pack_1:6.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008_service_pack_2__server_core_installation_", product: { name: "windows_server_2008_service_pack_2__server_core_installation_", product_id: "CSAFPID-1453777", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008_service_pack_2__server_core_installation_:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2008_service_pack_2", product: { name: "windows_server_2008_service_pack_2", product_id: "CSAFPID-1453776", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2008_service_pack_2:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2012__server_core_installation_", product: { name: "windows_server_2012__server_core_installation_", product_id: "CSAFPID-1453782", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2012__server_core_installation_:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2012_r2__server_core_installation_", product: { name: "windows_server_2012_r2__server_core_installation_", product_id: "CSAFPID-1453784", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2012_r2__server_core_installation_:6.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2012_r2", product: { name: "windows_server_2012_r2", product_id: "CSAFPID-1453783", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2012_r2:6.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2012", product: { name: "windows_server_2012", product_id: "CSAFPID-1453781", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2012:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016__server_core_installation_", product: { name: "windows_server_2016__server_core_installation_", product_id: "CSAFPID-1453772", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2016__server_core_installation_:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016__server_core_installation_", product: { name: "windows_server_2016__server_core_installation_", product_id: "CSAFPID-1457438", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2016__server_core_installation_:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016", product: { name: "windows_server_2016", product_id: "CSAFPID-1453771", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2016:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016", product: { name: "windows_server_2016", product_id: "CSAFPID-1457437", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2016:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019__server_core_installation_", product: { name: "windows_server_2019__server_core_installation_", product_id: "CSAFPID-1453760", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2019__server_core_installation_:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019__server_core_installation_", product: { name: "windows_server_2019__server_core_installation_", product_id: "CSAFPID-1457435", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2019__server_core_installation_:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019", product: { name: "windows_server_2019", product_id: "CSAFPID-1453759", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2019:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019", product: { name: "windows_server_2019", product_id: "CSAFPID-1457434", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2019:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022__23h2_edition__server_core_installation_", product: { name: "windows_server_2022__23h2_edition__server_core_installation_", product_id: "CSAFPID-1453805", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2022__23h2_edition__server_core_installation_:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022__23h2_edition__server_core_installation_", product: { name: "windows_server_2022__23h2_edition__server_core_installation_", product_id: "CSAFPID-1455588", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2022__23h2_edition__server_core_installation_:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-1453798", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2022:10.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-1457436", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:windows_server_2022:n_a:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_for_32-bit_systems", product: { name: "windows_10_for_32-bit_systems", product_id: "CSAFPID-1502044", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10_for_32-bit_systems:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10_for_64-based_systems", product: { name: "windows_10_for_64-based_systems", product_id: "CSAFPID-1502062", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10_for_64-based_systems:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-2507", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502046", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1607_for_32-bit_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502058", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1607_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-2482", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502053", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1809_for_32-bit_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502047", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1809_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502040", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1809_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-2483", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502051", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:21h2_for_32-bit_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502043", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:21h2_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502061", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:21h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-2481", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502041", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:22h2_for_32-bit_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502057", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:22h2_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-1502060", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:22h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_10", product: { name: "windows_10", product_id: "CSAFPID-3823", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502050", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:21h2_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502059", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:21h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-168717", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:21h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502039", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:22h2_for_arm64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502056", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:22h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-168718", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502045", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:23h2_for_arm64-based_system:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1502055", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:23h2_for_x64-based_systems:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-804567", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:23h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1614511", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:24h2_for_arm64-based_system:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1614512", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:24h2_for_x64-based_system:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_11", product: { name: "windows_11", product_id: "CSAFPID-1610036", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_11:24h2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016", product: { name: "windows_server_2016", product_id: "CSAFPID-2417", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2016", product: { name: "windows_server_2016", product_id: "CSAFPID-168719", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019", product: { name: "windows_server_2019", product_id: "CSAFPID-2414", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2019", product: { name: "windows_server_2019", product_id: "CSAFPID-75346", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022_23h2", product: { name: "windows_server_2022_23h2", product_id: "CSAFPID-747000", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-2488", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-75345", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows_server_2022", product: { name: "windows_server_2022", product_id: "CSAFPID-1502048", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows_server_2022:23h2_edition:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "windows", product: { name: "windows", product_id: "CSAFPID-289704", product_identification_helper: { cpe: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "microsoft", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1502048", ], }, ], title: "CVE-2022-2601", }, { cve: "CVE-2024-38161", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1502048", "CSAFPID-75346", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-2481", "CSAFPID-2483", ], }, references: [ { category: "self", summary: "CVE-2024-38161", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38161.json", }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1502048", "CSAFPID-75346", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-2481", "CSAFPID-2483", ], }, ], title: "CVE-2024-38161", }, { cve: "CVE-2024-38178", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", ], }, references: [ { category: "self", summary: "CVE-2024-38178", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38178.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", ], }, ], title: "CVE-2024-38178", }, { cve: "CVE-2024-38184", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38184", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38184.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38184", }, { cve: "CVE-2024-38191", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38191", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38191.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38191", }, { cve: "CVE-2024-38193", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38193", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38193.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-747000", ], }, ], title: "CVE-2024-38193", }, { cve: "CVE-2024-38196", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38196", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38196.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38196", }, { cve: "CVE-2024-38198", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38198", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38198.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38198", }, { cve: "CVE-2024-38199", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38199", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38199.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38199", }, { cve: "CVE-2024-38213", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, notes: [ { category: "other", text: "Protection Mechanism Failure", title: "CWE-693", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38213", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38213.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-747000", ], }, ], title: "CVE-2024-38213", }, { cve: "CVE-2024-21302", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2488", "CSAFPID-1502048", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-289704", "CSAFPID-1455810", "CSAFPID-1457434", "CSAFPID-1457435", "CSAFPID-1457436", "CSAFPID-1610390", "CSAFPID-1610391", "CSAFPID-1610392", "CSAFPID-1610393", "CSAFPID-1610394", "CSAFPID-1610395", "CSAFPID-1455588", "CSAFPID-1610396", "CSAFPID-1574686", "CSAFPID-1574687", "CSAFPID-1457437", "CSAFPID-1457438", ], }, references: [ { category: "self", summary: "CVE-2024-21302", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21302.json", }, ], title: "CVE-2024-21302", }, { cve: "CVE-2023-40547", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2023-40547", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40547.json", }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1502048", ], }, ], title: "CVE-2023-40547", }, { cve: "CVE-2024-38063", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "other", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38063", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38063.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38063", }, { cve: "CVE-2024-38106", cwe: { id: "CWE-591", name: "Sensitive Data Storage in Improperly Locked Memory", }, notes: [ { category: "other", text: "Sensitive Data Storage in Improperly Locked Memory", title: "CWE-591", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1615902", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-2488", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38106", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38106.json", }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1615902", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-2488", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38106", }, { cve: "CVE-2024-38107", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-2488", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38107", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38107.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-2488", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38107", }, { cve: "CVE-2024-29995", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, notes: [ { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453800", "CSAFPID-1453802", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", ], }, references: [ { category: "self", summary: "CVE-2024-29995", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29995.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453800", "CSAFPID-1453802", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", ], }, ], title: "CVE-2024-29995", }, { cve: "CVE-2024-38114", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38114", }, { cve: "CVE-2024-38115", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38115", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38115.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38115", }, { cve: "CVE-2024-38116", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38116", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38116.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38116", }, { cve: "CVE-2024-38117", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38117", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38117.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38117", }, { cve: "CVE-2024-38118", cwe: { id: "CWE-908", name: "Use of Uninitialized Resource", }, notes: [ { category: "other", text: "Use of Uninitialized Resource", title: "CWE-908", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38118", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38118.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38118", }, { cve: "CVE-2024-38122", cwe: { id: "CWE-908", name: "Use of Uninitialized Resource", }, notes: [ { category: "other", text: "Use of Uninitialized Resource", title: "CWE-908", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38122", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38122.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38122", }, { cve: "CVE-2024-38125", cwe: { id: "CWE-197", name: "Numeric Truncation Error", }, notes: [ { category: "other", text: "Numeric Truncation Error", title: "CWE-197", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38125", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38125.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38125", }, { cve: "CVE-2024-38126", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38126", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38126.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38126", }, { cve: "CVE-2024-38130", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38130.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38130", }, { cve: "CVE-2024-38131", cwe: { id: "CWE-591", name: "Sensitive Data Storage in Improperly Locked Memory", }, notes: [ { category: "other", text: "Sensitive Data Storage in Improperly Locked Memory", title: "CWE-591", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1455711", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38131.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1455711", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38131", }, { cve: "CVE-2024-38132", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38132", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38132.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38132", }, { cve: "CVE-2024-38133", cwe: { id: "CWE-138", name: "Improper Neutralization of Special Elements", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements", title: "CWE-138", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-2481", "CSAFPID-2483", ], }, references: [ { category: "self", summary: "CVE-2024-38133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-2481", "CSAFPID-2483", ], }, ], title: "CVE-2024-38133", }, { cve: "CVE-2024-38134", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38134", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38134.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38134", }, { cve: "CVE-2024-38136", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2483", "CSAFPID-1502048", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38136.json", }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2414", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2483", "CSAFPID-1502048", "CSAFPID-75346", ], }, ], title: "CVE-2024-38136", }, { cve: "CVE-2024-38140", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38140", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38140.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38140", }, { cve: "CVE-2024-38141", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38141", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38141.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38141", }, { cve: "CVE-2024-38142", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38142", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38142.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38142", }, { cve: "CVE-2024-38143", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38143.json", }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38143", }, { cve: "CVE-2024-38144", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38144", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38144.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38144", }, { cve: "CVE-2024-38145", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38145", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38145.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38145", }, { cve: "CVE-2024-38146", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38146", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38146.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38146", }, { cve: "CVE-2024-38151", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, references: [ { category: "self", summary: "CVE-2024-38151", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38151.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", "CSAFPID-2482", ], }, ], title: "CVE-2024-38151", }, { cve: "CVE-2024-38152", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38152", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38152.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38152", }, { cve: "CVE-2024-38153", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38153", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38153.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38153", }, { cve: "CVE-2024-38155", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1615902", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38155", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38155.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1615902", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38155", }, { cve: "CVE-2024-38180", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, notes: [ { category: "other", text: "Protection Mechanism Failure", title: "CWE-693", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38180", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38180.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38180", }, { cve: "CVE-2024-38185", cwe: { id: "CWE-822", name: "Untrusted Pointer Dereference", }, notes: [ { category: "other", text: "Untrusted Pointer Dereference", title: "CWE-822", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38185", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38185.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38185", }, { cve: "CVE-2024-38186", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38186", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38186.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38186", }, { cve: "CVE-2024-38187", cwe: { id: "CWE-822", name: "Untrusted Pointer Dereference", }, notes: [ { category: "other", text: "Untrusted Pointer Dereference", title: "CWE-822", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38187", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38187.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38187", }, { cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2022-3775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1502048", ], }, ], title: "CVE-2022-3775", }, { cve: "CVE-2024-38215", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38215", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38215.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38215", }, { cve: "CVE-2024-38202", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-289704", "CSAFPID-1455810", "CSAFPID-1457434", "CSAFPID-1457435", "CSAFPID-1457436", "CSAFPID-1610390", "CSAFPID-1610391", "CSAFPID-1610392", "CSAFPID-1610393", "CSAFPID-1610394", "CSAFPID-1610395", "CSAFPID-1455588", "CSAFPID-1574687", "CSAFPID-1457437", "CSAFPID-1457438", "CSAFPID-2488", "CSAFPID-2414", "CSAFPID-2417", ], }, references: [ { category: "self", summary: "CVE-2024-38202", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38202.json", }, ], title: "CVE-2024-38202", }, { cve: "CVE-2024-38223", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38223", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38223.json", }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-2507", "CSAFPID-2481", "CSAFPID-3823", "CSAFPID-2482", "CSAFPID-2483", "CSAFPID-168718", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38223", }, { cve: "CVE-2024-38127", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, ], product_status: { known_affected: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38127", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38127.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453758", "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1453769", "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-2483", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", "CSAFPID-2482", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38127", }, { cve: "CVE-2024-38121", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38121", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38121.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38121", }, { cve: "CVE-2024-38128", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38128", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38128.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38128", }, { cve: "CVE-2024-38138", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-747000", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38138.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-747000", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38138", }, { cve: "CVE-2024-38154", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-38154", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38154.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-38154", }, { cve: "CVE-2024-38120", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, references: [ { category: "self", summary: "CVE-2024-38120", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38120.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", ], }, ], title: "CVE-2024-38120", }, { cve: "CVE-2024-38214", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38214", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38214.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-168719", "CSAFPID-75346", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38214", }, { cve: "CVE-2024-37968", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, references: [ { category: "self", summary: "CVE-2024-37968", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37968.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453759", "CSAFPID-1453760", "CSAFPID-1453798", "CSAFPID-1453805", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1453776", "CSAFPID-1453777", "CSAFPID-1453778", "CSAFPID-1453779", "CSAFPID-1453780", "CSAFPID-1453781", "CSAFPID-1453782", "CSAFPID-1453783", "CSAFPID-1453784", "CSAFPID-747000", "CSAFPID-2507", "CSAFPID-2414", "CSAFPID-2417", "CSAFPID-75345", "CSAFPID-1502048", "CSAFPID-168719", "CSAFPID-75346", ], }, ], title: "CVE-2024-37968", }, { cve: "CVE-2024-38137", cwe: { id: "CWE-591", name: "Sensitive Data Storage in Improperly Locked Memory", }, notes: [ { category: "other", text: "Sensitive Data Storage in Improperly Locked Memory", title: "CWE-591", }, { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", ], }, references: [ { category: "self", summary: "CVE-2024-38137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38137.json", }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-75345", "CSAFPID-2481", ], }, ], title: "CVE-2024-38137", }, { cve: "CVE-2024-38147", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", ], }, references: [ { category: "self", summary: "CVE-2024-38147", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38147.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", ], }, ], title: "CVE-2024-38147", }, { cve: "CVE-2024-38148", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", ], }, references: [ { category: "self", summary: "CVE-2024-38148", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38148.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", ], }, ], title: "CVE-2024-38148", }, { cve: "CVE-2024-38150", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", ], }, references: [ { category: "self", summary: "CVE-2024-38150", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38150.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453798", "CSAFPID-1453799", "CSAFPID-1453800", "CSAFPID-1453801", "CSAFPID-1453802", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1615902", "CSAFPID-1502048", "CSAFPID-75345", "CSAFPID-747000", "CSAFPID-168718", "CSAFPID-3823", "CSAFPID-2481", ], }, ], title: "CVE-2024-38150", }, { cve: "CVE-2024-38135", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-168718", ], }, references: [ { category: "self", summary: "CVE-2024-38135", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38135.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1453805", "CSAFPID-1502048", "CSAFPID-747000", "CSAFPID-168718", ], }, ], title: "CVE-2024-38135", }, { cve: "CVE-2024-38165", cwe: { id: "CWE-73", name: "External Control of File Name or Path", }, notes: [ { category: "other", text: "External Control of File Name or Path", title: "CWE-73", }, ], product_status: { known_affected: [ "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38165", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38165.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453801", "CSAFPID-1453803", "CSAFPID-1453804", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38165", }, { cve: "CVE-2024-38159", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1502048", "CSAFPID-2417", "CSAFPID-2482", "CSAFPID-168719", ], }, references: [ { category: "self", summary: "CVE-2024-38159", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38159.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1502048", "CSAFPID-2417", "CSAFPID-2482", "CSAFPID-168719", ], }, ], title: "CVE-2024-38159", }, { cve: "CVE-2024-38160", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1502048", "CSAFPID-168719", ], }, references: [ { category: "self", summary: "CVE-2024-38160", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38160.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1453770", "CSAFPID-1453771", "CSAFPID-1453772", "CSAFPID-1502048", "CSAFPID-168719", ], }, ], title: "CVE-2024-38160", }, { cve: "CVE-2024-38123", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1615902", "CSAFPID-1502048", ], }, references: [ { category: "self", summary: "CVE-2024-38123", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38123.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-1615902", "CSAFPID-1502048", ], }, ], title: "CVE-2024-38123", }, ], }
NCSC-2024-0339
Vulnerability from csaf_ncscnl
Published
2024-08-13 18:23
Modified
2024-08-13 18:23
Summary
Kwetsbaarheden verholpen in Microsoft Mariner
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Microsoft heeft kwetsbaarheden verholpen in Mariner (Azure Linux).
Interpretaties
De kwetsbaarheden betreffen oudere kwetsbaarheden in diverse subcomponenten van de distro, zoals Python, Emacs, Qemu, Django, Curl, wget etc. welke in de nieuwe versie zijn verholpen.
Oplossingen
Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans
medium
Schade
high
CWE-115
Misinterpretation of Input
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-129
Improper Validation of Array Index
CWE-187
Partial String Comparison
CWE-190
Integer Overflow or Wraparound
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-193
Off-by-one Error
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-269
Improper Privilege Management
CWE-273
Improper Check for Dropped Privileges
CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE-295
Improper Certificate Validation
CWE-297
Improper Validation of Certificate with Host Mismatch
CWE-299
Improper Check for Certificate Revocation
CWE-319
Cleartext Transmission of Sensitive Information
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-369
Divide By Zero
CWE-371
CWE-371
CWE-400
Uncontrolled Resource Consumption
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-404
Improper Resource Shutdown or Release
CWE-416
Use After Free
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476
NULL Pointer Dereference
CWE-532
Insertion of Sensitive Information into Log File
CWE-667
Improper Locking
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-833
Deadlock
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-863
Incorrect Authorization
CWE-918
Server-Side Request Forgery (SSRF)
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Microsoft heeft kwetsbaarheden verholpen in Mariner (Azure Linux).", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden betreffen oudere kwetsbaarheden in diverse subcomponenten van de distro, zoals Python, Emacs, Qemu, Django, Curl, wget etc. welke in de nieuwe versie zijn verholpen.", title: "Interpretaties", }, { category: "description", text: "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Misinterpretation of Input", title: "CWE-115", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Validation of Array Index", title: "CWE-129", }, { category: "general", text: "Partial String Comparison", title: "CWE-187", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, { category: "general", text: "Off-by-one Error", title: "CWE-193", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Check for Dropped Privileges", title: "CWE-273", }, { category: "general", text: "Improper Handling of Insufficient Permissions or Privileges ", title: "CWE-280", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Improper Validation of Certificate with Host Mismatch", title: "CWE-297", }, { category: "general", text: "Improper Check for Certificate Revocation", title: "CWE-299", }, { category: "general", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Divide By Zero", title: "CWE-369", }, { category: "general", text: "CWE-371", title: "CWE-371", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "Improper Locking", title: "CWE-667", }, { category: "general", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Deadlock", title: "CWE-833", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Incorrect Authorization", title: "CWE-863", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", title: "CWE-95", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, title: "Kwetsbaarheden verholpen in Microsoft Mariner", tracking: { current_release_date: "2024-08-13T18:23:22.271316Z", id: "NCSC-2024-0339", initial_release_date: "2024-08-13T18:23:22.271316Z", revision_history: [ { date: "2024-08-13T18:23:22.271316Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "cbl-mariner", product: { name: "cbl-mariner", product_id: "CSAFPID-1489521", product_identification_helper: { cpe: "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "microsoft", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], references: [ { category: "self", summary: "CVE-2022-3775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3775.json", }, ], title: "CVE-2022-3775", }, { cve: "CVE-2022-36648", references: [ { category: "self", summary: "CVE-2022-36648", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36648.json", }, ], title: "CVE-2022-36648", }, { cve: "CVE-2019-3833", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], references: [ { category: "self", summary: "CVE-2019-3833", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-3833.json", }, ], title: "CVE-2019-3833", }, { cve: "CVE-2021-3929", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2021-3929", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-3929.json", }, ], title: "CVE-2021-3929", }, { cve: "CVE-2021-4158", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2021-4158", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4158.json", }, ], title: "CVE-2021-4158", }, { cve: "CVE-2021-4206", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], references: [ { category: "self", summary: "CVE-2021-4206", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4206.json", }, ], title: "CVE-2021-4206", }, { cve: "CVE-2021-4207", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], references: [ { category: "self", summary: "CVE-2021-4207", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4207.json", }, ], title: "CVE-2021-4207", }, { cve: "CVE-2022-26353", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, ], references: [ { category: "self", summary: "CVE-2022-26353", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26353.json", }, ], title: "CVE-2022-26353", }, { cve: "CVE-2022-35414", references: [ { category: "self", summary: "CVE-2022-35414", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-35414.json", }, ], title: "CVE-2022-35414", }, { cve: "CVE-2023-3354", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2023-3354", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3354.json", }, ], title: "CVE-2023-3354", }, { cve: "CVE-2022-3872", cwe: { id: "CWE-193", name: "Off-by-one Error", }, notes: [ { category: "other", text: "Off-by-one Error", title: "CWE-193", }, ], references: [ { category: "self", summary: "CVE-2022-3872", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3872.json", }, ], title: "CVE-2022-3872", }, { cve: "CVE-2022-4144", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2022-4144", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-4144.json", }, ], title: "CVE-2022-4144", }, { cve: "CVE-2023-45288", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-45288", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45288.json", }, ], title: "CVE-2023-45288", }, { cve: "CVE-2023-29404", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], references: [ { category: "self", summary: "CVE-2023-29404", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29404.json", }, ], title: "CVE-2023-29404", }, { cve: "CVE-2023-29402", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], references: [ { category: "self", summary: "CVE-2023-29402", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29402.json", }, ], title: "CVE-2023-29402", }, { cve: "CVE-2019-3816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], references: [ { category: "self", summary: "CVE-2019-3816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-3816.json", }, ], title: "CVE-2019-3816", }, { cve: "CVE-2021-3750", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2021-3750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-3750.json", }, ], title: "CVE-2021-3750", }, { cve: "CVE-2022-0358", cwe: { id: "CWE-273", name: "Improper Check for Dropped Privileges", }, notes: [ { category: "other", text: "Improper Check for Dropped Privileges", title: "CWE-273", }, ], references: [ { category: "self", summary: "CVE-2022-0358", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-0358.json", }, ], title: "CVE-2022-0358", }, { cve: "CVE-2022-26354", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, ], references: [ { category: "self", summary: "CVE-2022-26354", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26354.json", }, ], title: "CVE-2022-26354", }, { cve: "CVE-2022-3165", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, ], references: [ { category: "self", summary: "CVE-2022-3165", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3165.json", }, ], title: "CVE-2022-3165", }, { cve: "CVE-2022-2962", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2022-2962", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2962.json", }, ], title: "CVE-2022-2962", }, { cve: "CVE-2022-41722", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], references: [ { category: "self", summary: "CVE-2022-41722", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41722.json", }, ], title: "CVE-2022-41722", }, { cve: "CVE-2022-29526", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, notes: [ { category: "other", text: "Improper Handling of Insufficient Permissions or Privileges ", title: "CWE-280", }, { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], references: [ { category: "self", summary: "CVE-2022-29526", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-29526.json", }, ], title: "CVE-2022-29526", }, { cve: "CVE-2007-4559", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], references: [ { category: "self", summary: "CVE-2007-4559", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2007/CVE-2007-4559.json", }, ], title: "CVE-2007-4559", }, { cve: "CVE-2019-9674", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2019-9674", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-9674.json", }, ], title: "CVE-2019-9674", }, { cve: "CVE-2017-18207", references: [ { category: "self", summary: "CVE-2017-18207", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-18207.json", }, ], title: "CVE-2017-18207", }, { cve: "CVE-2019-20907", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], references: [ { category: "self", summary: "CVE-2019-20907", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-20907.json", }, ], title: "CVE-2019-20907", }, { cve: "CVE-2021-23336", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], references: [ { category: "self", summary: "CVE-2021-23336", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23336.json", }, ], title: "CVE-2021-23336", }, { cve: "CVE-2017-17522", references: [ { category: "self", summary: "CVE-2017-17522", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-17522.json", }, ], title: "CVE-2017-17522", }, { cve: "CVE-2024-6655", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], references: [ { category: "self", summary: "CVE-2024-6655", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6655.json", }, ], title: "CVE-2024-6655", }, { cve: "CVE-2024-2466", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Improper Validation of Certificate with Host Mismatch", title: "CWE-297", }, ], references: [ { category: "self", summary: "CVE-2024-2466", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2466.json", }, ], title: "CVE-2024-2466", }, { cve: "CVE-2024-39331", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", title: "CWE-95", }, ], references: [ { category: "self", summary: "CVE-2024-39331", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39331.json", }, ], title: "CVE-2024-39331", }, { cve: "CVE-2021-43565", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2021-43565", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-43565.json", }, ], title: "CVE-2021-43565", }, { cve: "CVE-2024-39277", cwe: { id: "CWE-129", name: "Improper Validation of Array Index", }, notes: [ { category: "other", text: "Improper Validation of Array Index", title: "CWE-129", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-39277", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39277.json", }, ], title: "CVE-2024-39277", }, { cve: "CVE-2024-38780", cwe: { id: "CWE-371", name: "-", }, notes: [ { category: "other", text: "CWE-371", title: "CWE-371", }, { category: "other", text: "Improper Locking", title: "CWE-667", }, ], references: [ { category: "self", summary: "CVE-2024-38780", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38780.json", }, ], title: "CVE-2024-38780", }, { cve: "CVE-2024-39292", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2024-39292", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39292.json", }, ], title: "CVE-2024-39292", }, { cve: "CVE-2024-39482", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-39482", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39482.json", }, ], title: "CVE-2024-39482", }, { cve: "CVE-2024-39484", references: [ { category: "self", summary: "CVE-2024-39484", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39484.json", }, ], title: "CVE-2024-39484", }, { cve: "CVE-2024-39495", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2024-39495", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39495.json", }, ], title: "CVE-2024-39495", }, { cve: "CVE-2024-40902", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, ], references: [ { category: "self", summary: "CVE-2024-40902", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40902.json", }, ], title: "CVE-2024-40902", }, { cve: "CVE-2024-41110", cwe: { id: "CWE-187", name: "Partial String Comparison", }, notes: [ { category: "other", text: "Partial String Comparison", title: "CWE-187", }, { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, ], references: [ { category: "self", summary: "CVE-2024-41110", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41110.json", }, ], title: "CVE-2024-41110", }, { cve: "CVE-2024-37298", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-37298", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37298.json", }, ], title: "CVE-2024-37298", }, { cve: "CVE-2024-0397", references: [ { category: "self", summary: "CVE-2024-0397", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0397.json", }, ], title: "CVE-2024-0397", }, { cve: "CVE-2024-38571", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-38571", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38571.json", }, ], title: "CVE-2024-38571", }, { cve: "CVE-2024-42077", references: [ { category: "self", summary: "CVE-2024-42077", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42077.json", }, ], title: "CVE-2024-42077", }, { cve: "CVE-2024-39473", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-39473", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39473.json", }, ], title: "CVE-2024-39473", }, { cve: "CVE-2024-26900", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-26900", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26900.json", }, ], title: "CVE-2024-26900", }, { cve: "CVE-2024-39474", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-39474", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39474.json", }, ], title: "CVE-2024-39474", }, { cve: "CVE-2024-42073", references: [ { category: "self", summary: "CVE-2024-42073", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42073.json", }, ], title: "CVE-2024-42073", }, { cve: "CVE-2024-42074", references: [ { category: "self", summary: "CVE-2024-42074", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42074.json", }, ], title: "CVE-2024-42074", }, { cve: "CVE-2024-42075", references: [ { category: "self", summary: "CVE-2024-42075", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42075.json", }, ], title: "CVE-2024-42075", }, { cve: "CVE-2024-42078", references: [ { category: "self", summary: "CVE-2024-42078", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42078.json", }, ], title: "CVE-2024-42078", }, { cve: "CVE-2024-0853", cwe: { id: "CWE-299", name: "Improper Check for Certificate Revocation", }, notes: [ { category: "other", text: "Improper Check for Certificate Revocation", title: "CWE-299", }, ], references: [ { category: "self", summary: "CVE-2024-0853", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0853.json", }, ], title: "CVE-2024-0853", }, { cve: "CVE-2024-2004", cwe: { id: "CWE-319", name: "Cleartext Transmission of Sensitive Information", }, notes: [ { category: "other", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, { category: "other", text: "Misinterpretation of Input", title: "CWE-115", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-2004", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2004.json", }, ], title: "CVE-2024-2004", }, { cve: "CVE-2024-2398", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-2398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json", }, ], title: "CVE-2024-2398", }, { cve: "CVE-2024-38662", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-38662", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38662.json", }, ], title: "CVE-2024-38662", }, { cve: "CVE-2024-36288", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], references: [ { category: "self", summary: "CVE-2024-36288", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36288.json", }, ], title: "CVE-2024-36288", }, { cve: "CVE-2024-39480", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, ], references: [ { category: "self", summary: "CVE-2024-39480", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39480.json", }, ], title: "CVE-2024-39480", }, { cve: "CVE-2024-39476", cwe: { id: "CWE-833", name: "Deadlock", }, notes: [ { category: "other", text: "Deadlock", title: "CWE-833", }, ], references: [ { category: "self", summary: "CVE-2024-39476", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39476.json", }, ], title: "CVE-2024-39476", }, { cve: "CVE-2024-39475", cwe: { id: "CWE-369", name: "Divide By Zero", }, notes: [ { category: "other", text: "Divide By Zero", title: "CWE-369", }, ], references: [ { category: "self", summary: "CVE-2024-39475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39475.json", }, ], title: "CVE-2024-39475", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-26461", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-26461", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26461.json", }, ], title: "CVE-2024-26461", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-6104", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], references: [ { category: "self", summary: "CVE-2024-6104", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6104.json", }, ], title: "CVE-2024-6104", }, { cve: "CVE-2024-6257", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], references: [ { category: "self", summary: "CVE-2024-6257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6257.json", }, ], title: "CVE-2024-6257", }, { cve: "CVE-2024-23722", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-23722", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23722.json", }, ], title: "CVE-2024-23722", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-38583", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2024-38583", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38583.json", }, ], title: "CVE-2024-38583", }, { cve: "CVE-2024-39493", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-39493", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39493.json", }, ], title: "CVE-2024-39493", }, { cve: "CVE-2024-42068", references: [ { category: "self", summary: "CVE-2024-42068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42068.json", }, ], title: "CVE-2024-42068", }, { cve: "CVE-2024-39489", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], references: [ { category: "self", summary: "CVE-2024-39489", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39489.json", }, ], title: "CVE-2024-39489", }, { cve: "CVE-2024-42070", references: [ { category: "self", summary: "CVE-2024-42070", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42070.json", }, ], title: "CVE-2024-42070", }, { cve: "CVE-2024-42076", references: [ { category: "self", summary: "CVE-2024-42076", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42076.json", }, ], title: "CVE-2024-42076", }, { cve: "CVE-2024-42080", references: [ { category: "self", summary: "CVE-2024-42080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42080.json", }, ], title: "CVE-2024-42080", }, { cve: "CVE-2024-38428", cwe: { id: "CWE-115", name: "Misinterpretation of Input", }, notes: [ { category: "other", text: "Misinterpretation of Input", title: "CWE-115", }, ], references: [ { category: "self", summary: "CVE-2024-38428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38428.json", }, ], title: "CVE-2024-38428", }, { cve: "CVE-2024-42082", references: [ { category: "self", summary: "CVE-2024-42082", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42082.json", }, ], title: "CVE-2024-42082", }, { cve: "CVE-2022-48788", references: [ { category: "self", summary: "CVE-2022-48788", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48788.json", }, ], title: "CVE-2022-48788", }, { cve: "CVE-2023-52340", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-52340", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52340.json", }, ], title: "CVE-2023-52340", }, { cve: "CVE-2022-48841", references: [ { category: "self", summary: "CVE-2022-48841", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48841.json", }, ], title: "CVE-2022-48841", }, { cve: "CVE-2024-39485", references: [ { category: "self", summary: "CVE-2024-39485", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39485.json", }, ], title: "CVE-2024-39485", }, { cve: "CVE-2024-39483", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, ], references: [ { category: "self", summary: "CVE-2024-39483", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39483.json", }, ], title: "CVE-2024-39483", }, { cve: "CVE-2024-42071", references: [ { category: "self", summary: "CVE-2024-42071", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42071.json", }, ], title: "CVE-2024-42071", }, { cve: "CVE-2024-42072", references: [ { category: "self", summary: "CVE-2024-42072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42072.json", }, ], title: "CVE-2024-42072", }, { cve: "CVE-2024-42237", references: [ { category: "self", summary: "CVE-2024-42237", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42237.json", }, ], title: "CVE-2024-42237", }, { cve: "CVE-2024-42083", references: [ { category: "self", summary: "CVE-2024-42083", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42083.json", }, ], title: "CVE-2024-42083", }, ], }
ghsa-c8f6-x9xm-x27g
Vulnerability from github
Published
2022-12-14 21:30
Modified
2022-12-16 21:30
Severity ?
Details
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
{ affected: [], aliases: [ "CVE-2022-2601", ], database_specific: { cwe_ids: [ "CWE-122", "CWE-787", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2022-12-14T21:15:00Z", severity: "HIGH", }, details: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", id: "GHSA-c8f6-x9xm-x27g", modified: "2022-12-16T21:30:43Z", published: "2022-12-14T21:30:17Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2601", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202311-14", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20230203-0004", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
fkie_cve-2022-2601
Vulnerability from fkie_nvd
Published
2022-12-14 21:15
Modified
2024-11-21 07:01
Severity ?
Summary
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", matchCriteriaId: "7E48B3B4-3F7F-4169-ABC8-448AA351276E", versionEndIncluding: "2.06", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "868A6ED7-44DD-44FF-8ADD-9971298A1175", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "48C2E003-A71C-4D06-B8B3-F93160568182", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3921C1CF-A16D-4727-99AD-03EFFA7C91CA", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "BE1A81A1-63EC-431C-9CBC-8D28C15AB3E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", }, { lang: "es", value: "Se encontró un desbordamiento del búfer en grub_font_construct_glyph(). Una fuente pf2 manipulada maliciosamente puede provocar un desbordamiento al calcular el valor max_glyph_size, asignando un búfer más pequeño de lo necesario para el glifo, lo que además provoca un desbordamiento del búfer y una escritura fuera de los límites basada en el heap. Un atacante puede utilizar esta vulnerabilidad para eludir el mecanismo de arranque seguro.", }, ], id: "CVE-2022-2601", lastModified: "2024-11-21T07:01:19.873", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-14T21:15:10.190", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/202311-14", }, { source: "secalert@redhat.com", url: "https://security.netapp.com/advisory/ntap-20230203-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202311-14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230203-0004/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
opensuse-su-2024:12517-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
grub2-2.06-31.1 on GA media
Notes
Title of the patch
grub2-2.06-31.1 on GA media
Description of the patch
These are all security issues fixed in the grub2-2.06-31.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12517
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "grub2-2.06-31.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the grub2-2.06-31.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-12517", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12517-1.json", }, { category: "self", summary: "SUSE CVE CVE-2022-2601 page", url: "https://www.suse.com/security/cve/CVE-2022-2601/", }, { category: "self", summary: "SUSE CVE CVE-2022-3775 page", url: "https://www.suse.com/security/cve/CVE-2022-3775/", }, ], title: "grub2-2.06-31.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:12517-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grub2-2.06-31.1.aarch64", product: { name: "grub2-2.06-31.1.aarch64", product_id: "grub2-2.06-31.1.aarch64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.06-31.1.aarch64", product: { name: "grub2-branding-upstream-2.06-31.1.aarch64", product_id: "grub2-branding-upstream-2.06-31.1.aarch64", }, }, { category: "product_version", name: "grub2-i386-pc-2.06-31.1.aarch64", product: { name: "grub2-i386-pc-2.06-31.1.aarch64", product_id: "grub2-i386-pc-2.06-31.1.aarch64", }, }, { category: "product_version", name: "grub2-i386-pc-debug-2.06-31.1.aarch64", product: { name: "grub2-i386-pc-debug-2.06-31.1.aarch64", product_id: "grub2-i386-pc-debug-2.06-31.1.aarch64", }, }, { category: "product_version", name: "grub2-snapper-plugin-2.06-31.1.aarch64", product: { name: "grub2-snapper-plugin-2.06-31.1.aarch64", product_id: "grub2-snapper-plugin-2.06-31.1.aarch64", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.06-31.1.aarch64", product: { name: "grub2-systemd-sleep-plugin-2.06-31.1.aarch64", product_id: "grub2-systemd-sleep-plugin-2.06-31.1.aarch64", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.06-31.1.aarch64", product: { name: "grub2-x86_64-efi-2.06-31.1.aarch64", product_id: "grub2-x86_64-efi-2.06-31.1.aarch64", }, }, { category: "product_version", name: "grub2-x86_64-efi-debug-2.06-31.1.aarch64", product: { name: "grub2-x86_64-efi-debug-2.06-31.1.aarch64", product_id: "grub2-x86_64-efi-debug-2.06-31.1.aarch64", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.06-31.1.aarch64", product: { name: "grub2-x86_64-xen-2.06-31.1.aarch64", product_id: "grub2-x86_64-xen-2.06-31.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grub2-2.06-31.1.ppc64le", product: { name: "grub2-2.06-31.1.ppc64le", product_id: "grub2-2.06-31.1.ppc64le", }, }, { category: "product_version", name: "grub2-branding-upstream-2.06-31.1.ppc64le", product: { name: "grub2-branding-upstream-2.06-31.1.ppc64le", product_id: "grub2-branding-upstream-2.06-31.1.ppc64le", }, }, { category: "product_version", name: "grub2-i386-pc-2.06-31.1.ppc64le", product: { name: "grub2-i386-pc-2.06-31.1.ppc64le", product_id: "grub2-i386-pc-2.06-31.1.ppc64le", }, }, { category: "product_version", name: "grub2-i386-pc-debug-2.06-31.1.ppc64le", product: { name: "grub2-i386-pc-debug-2.06-31.1.ppc64le", product_id: "grub2-i386-pc-debug-2.06-31.1.ppc64le", }, }, { category: "product_version", name: "grub2-snapper-plugin-2.06-31.1.ppc64le", product: { name: "grub2-snapper-plugin-2.06-31.1.ppc64le", product_id: "grub2-snapper-plugin-2.06-31.1.ppc64le", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", product: { name: "grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", product_id: "grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.06-31.1.ppc64le", product: { name: "grub2-x86_64-efi-2.06-31.1.ppc64le", product_id: "grub2-x86_64-efi-2.06-31.1.ppc64le", }, }, { category: "product_version", name: "grub2-x86_64-efi-debug-2.06-31.1.ppc64le", product: { name: "grub2-x86_64-efi-debug-2.06-31.1.ppc64le", product_id: "grub2-x86_64-efi-debug-2.06-31.1.ppc64le", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.06-31.1.ppc64le", product: { name: "grub2-x86_64-xen-2.06-31.1.ppc64le", product_id: "grub2-x86_64-xen-2.06-31.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grub2-2.06-31.1.s390x", product: { name: "grub2-2.06-31.1.s390x", product_id: "grub2-2.06-31.1.s390x", }, }, { category: "product_version", name: "grub2-branding-upstream-2.06-31.1.s390x", product: { name: "grub2-branding-upstream-2.06-31.1.s390x", product_id: "grub2-branding-upstream-2.06-31.1.s390x", }, }, { category: "product_version", name: "grub2-i386-pc-2.06-31.1.s390x", product: { name: "grub2-i386-pc-2.06-31.1.s390x", product_id: "grub2-i386-pc-2.06-31.1.s390x", }, }, { category: "product_version", name: "grub2-i386-pc-debug-2.06-31.1.s390x", product: { name: "grub2-i386-pc-debug-2.06-31.1.s390x", product_id: "grub2-i386-pc-debug-2.06-31.1.s390x", }, }, { category: "product_version", name: "grub2-snapper-plugin-2.06-31.1.s390x", product: { name: "grub2-snapper-plugin-2.06-31.1.s390x", product_id: "grub2-snapper-plugin-2.06-31.1.s390x", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.06-31.1.s390x", product: { name: "grub2-systemd-sleep-plugin-2.06-31.1.s390x", product_id: "grub2-systemd-sleep-plugin-2.06-31.1.s390x", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.06-31.1.s390x", product: { name: "grub2-x86_64-efi-2.06-31.1.s390x", product_id: "grub2-x86_64-efi-2.06-31.1.s390x", }, }, { category: "product_version", name: "grub2-x86_64-efi-debug-2.06-31.1.s390x", product: { name: "grub2-x86_64-efi-debug-2.06-31.1.s390x", product_id: "grub2-x86_64-efi-debug-2.06-31.1.s390x", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.06-31.1.s390x", product: { name: "grub2-x86_64-xen-2.06-31.1.s390x", product_id: "grub2-x86_64-xen-2.06-31.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grub2-2.06-31.1.x86_64", product: { name: "grub2-2.06-31.1.x86_64", product_id: "grub2-2.06-31.1.x86_64", }, }, { category: "product_version", name: "grub2-branding-upstream-2.06-31.1.x86_64", product: { name: "grub2-branding-upstream-2.06-31.1.x86_64", product_id: "grub2-branding-upstream-2.06-31.1.x86_64", }, }, { category: "product_version", name: "grub2-i386-pc-2.06-31.1.x86_64", product: { name: "grub2-i386-pc-2.06-31.1.x86_64", product_id: "grub2-i386-pc-2.06-31.1.x86_64", }, }, { category: "product_version", name: "grub2-i386-pc-debug-2.06-31.1.x86_64", product: { name: "grub2-i386-pc-debug-2.06-31.1.x86_64", product_id: "grub2-i386-pc-debug-2.06-31.1.x86_64", }, }, { category: "product_version", name: "grub2-snapper-plugin-2.06-31.1.x86_64", product: { name: "grub2-snapper-plugin-2.06-31.1.x86_64", product_id: "grub2-snapper-plugin-2.06-31.1.x86_64", }, }, { category: "product_version", name: "grub2-systemd-sleep-plugin-2.06-31.1.x86_64", product: { name: "grub2-systemd-sleep-plugin-2.06-31.1.x86_64", product_id: "grub2-systemd-sleep-plugin-2.06-31.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-efi-2.06-31.1.x86_64", product: { name: "grub2-x86_64-efi-2.06-31.1.x86_64", product_id: "grub2-x86_64-efi-2.06-31.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-efi-debug-2.06-31.1.x86_64", product: { name: "grub2-x86_64-efi-debug-2.06-31.1.x86_64", product_id: "grub2-x86_64-efi-debug-2.06-31.1.x86_64", }, }, { category: "product_version", name: "grub2-x86_64-xen-2.06-31.1.x86_64", product: { name: "grub2-x86_64-xen-2.06-31.1.x86_64", product_id: "grub2-x86_64-xen-2.06-31.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grub2-2.06-31.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-2.06-31.1.aarch64", }, product_reference: "grub2-2.06-31.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-31.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-2.06-31.1.ppc64le", }, product_reference: "grub2-2.06-31.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-31.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-2.06-31.1.s390x", }, product_reference: "grub2-2.06-31.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-2.06-31.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-2.06-31.1.x86_64", }, product_reference: "grub2-2.06-31.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.06-31.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.aarch64", }, product_reference: "grub2-branding-upstream-2.06-31.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.06-31.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.ppc64le", }, product_reference: "grub2-branding-upstream-2.06-31.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.06-31.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.s390x", }, product_reference: "grub2-branding-upstream-2.06-31.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-branding-upstream-2.06-31.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.x86_64", }, product_reference: "grub2-branding-upstream-2.06-31.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.06-31.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.aarch64", }, product_reference: "grub2-i386-pc-2.06-31.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.06-31.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.ppc64le", }, product_reference: "grub2-i386-pc-2.06-31.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.06-31.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.s390x", }, product_reference: "grub2-i386-pc-2.06-31.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-2.06-31.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.x86_64", }, product_reference: "grub2-i386-pc-2.06-31.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-debug-2.06-31.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.aarch64", }, product_reference: "grub2-i386-pc-debug-2.06-31.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-debug-2.06-31.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.ppc64le", }, product_reference: "grub2-i386-pc-debug-2.06-31.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-debug-2.06-31.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.s390x", }, product_reference: "grub2-i386-pc-debug-2.06-31.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-i386-pc-debug-2.06-31.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.x86_64", }, product_reference: "grub2-i386-pc-debug-2.06-31.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.06-31.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.aarch64", }, product_reference: "grub2-snapper-plugin-2.06-31.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.06-31.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.ppc64le", }, product_reference: "grub2-snapper-plugin-2.06-31.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.06-31.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.s390x", }, product_reference: "grub2-snapper-plugin-2.06-31.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-snapper-plugin-2.06-31.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.x86_64", }, product_reference: "grub2-snapper-plugin-2.06-31.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.06-31.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.aarch64", }, product_reference: "grub2-systemd-sleep-plugin-2.06-31.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.06-31.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", }, product_reference: "grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.06-31.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.s390x", }, product_reference: "grub2-systemd-sleep-plugin-2.06-31.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-systemd-sleep-plugin-2.06-31.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.x86_64", }, product_reference: "grub2-systemd-sleep-plugin-2.06-31.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.06-31.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.aarch64", }, product_reference: "grub2-x86_64-efi-2.06-31.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.06-31.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.ppc64le", }, product_reference: "grub2-x86_64-efi-2.06-31.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.06-31.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.s390x", }, product_reference: "grub2-x86_64-efi-2.06-31.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-2.06-31.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.x86_64", }, product_reference: "grub2-x86_64-efi-2.06-31.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-debug-2.06-31.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.aarch64", }, product_reference: "grub2-x86_64-efi-debug-2.06-31.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-debug-2.06-31.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.ppc64le", }, product_reference: "grub2-x86_64-efi-debug-2.06-31.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-debug-2.06-31.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.s390x", }, product_reference: "grub2-x86_64-efi-debug-2.06-31.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-efi-debug-2.06-31.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.x86_64", }, product_reference: "grub2-x86_64-efi-debug-2.06-31.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.06-31.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.aarch64", }, product_reference: "grub2-x86_64-xen-2.06-31.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.06-31.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.ppc64le", }, product_reference: "grub2-x86_64-xen-2.06-31.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.06-31.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.s390x", }, product_reference: "grub2-x86_64-xen-2.06-31.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grub2-x86_64-xen-2.06-31.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.x86_64", }, product_reference: "grub2-x86_64-xen-2.06-31.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2601", }, ], notes: [ { category: "general", text: "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grub2-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2601", url: "https://www.suse.com/security/cve/CVE-2022-2601", }, { category: "external", summary: "SUSE Bug 1205178 for CVE-2022-2601", url: "https://bugzilla.suse.com/1205178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grub2-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:grub2-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-3775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3775", }, ], notes: [ { category: "general", text: "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grub2-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-3775", url: "https://www.suse.com/security/cve/CVE-2022-3775", }, { category: "external", summary: "SUSE Bug 1205182 for CVE-2022-3775", url: "https://bugzilla.suse.com/1205182", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grub2-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:grub2-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-branding-upstream-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-31.1.x86_64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.aarch64", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.ppc64le", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.s390x", "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-31.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-3775", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.