Security Vulnerability: Boothole November 2022 / Boothole 4
This document (000021048) is provided subject to the disclaimer at the end of this document.
For regular users with their machine under full control this is less of an issue as on scenarios relying on secure boot, like public systems.
- CVE-2022-2601: A crafted PF2 font could cause a buffer overflow in grub_font_construct_glyph.
- CVE-2022-3775: Fixed an integer underflow in blit_comb() font handling.
These security issues require attackers to supply crafted fonts to grub2, which is unlikely in common local scenarios, but can allow bypassing secure boot chain.
- Switched to a new secure boot signing key for secure boot signed artefacts in March 2023.
The new key was published on https://www.suse.com/support/security/keys/
- Released grub2 updates, with incremented SBAT revision on x86_64 and also signed with the new secure boot key to allow disabling it on IBM Z and IBM Power in March 2023.
- Released Linux Kernel Updates signed with the new signing key in March 2023.
- Released various other secure boot signed artefact packages, like s390-tools, fwupd, fwupdate in March and April 2023.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021048
- Creation Date: 20-Apr-2023
- Modified Date:20-Apr-2023
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com