Security Vulnerability: Boothole November 2022 / Boothole 4
This document (000021048) is provided subject to the disclaimer at the end of this document.
For a comprehensive list of affected products please visit the SUSE CVE announcements:
For regular users with their machine under full control this is less of an issue as on scenarios relying on secure boot, like public systems.
- CVE-2022-2601: A crafted PF2 font could cause a buffer overflow in grub_font_construct_glyph.
- CVE-2022-3775: Fixed an integer underflow in blit_comb() font handling.
These security issues require attackers to supply crafted fonts to grub2, which is unlikely in common local scenarios, but can allow bypassing secure boot chain.
- Switched to a new secure boot signing key for secure boot signed artefacts in March 2023.
The new key was published on https://www.suse.com/support/security/keys/
- Released grub2 updates, with incremented SBAT revision on x86_64 and also signed with the new secure boot key to allow disabling it on IBM Z and IBM Power in March 2023.
- Released Linux Kernel Updates signed with the new signing key in March 2023.
- Released various other secure boot signed artefact packages, like s390-tools, fwupd, fwupdate in March and April 2023.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021048
- Creation Date: 20-Apr-2023
- Modified Date:20-Apr-2023
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com