CVE-2021-3697 - Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server Tus and Redhat Enterprise Linux For Power Little Endian Eus

Moderate 7.0

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.

Affected software

Redhat Enterprise Linux Eus

Redhat Enterprise Linux Server Tus

Redhat Enterprise Linux For Power Little Endian Eus

Gnu Grub

Redhat Developer Tools

Redhat Enterprise Linux Server Aus

Redhat Openshift

Redhat Enterprise Linux For Power Little Endian

Redhat Openshift Container Platform

Redhat Codeready Linux Builder

Redhat Enterprise Linux

Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
