CVE-2021-3695
Description
A crafted 16-bit grayscale PNG image can cause an out-of-bounds write in grub2's heap, potentially leading to arbitrary code execution and secure boot bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A crafted 16-bit grayscale PNG image can cause an out-of-bounds write in grub2's heap, potentially leading to arbitrary code execution and secure boot bypass.
Vulnerability
A crafted 16-bit grayscale PNG image can trigger an out-of-bounds write in the heap area of GRUB2. This vulnerability affects GRUB2 versions prior to grub-2.12 [1]. The issue is triggered when GRUB2 processes a malformed PNG image during boot.
Exploitation
An attacker must deliver a specially crafted PNG image to the system, which is processed by GRUB2 during the boot sequence. Exploitation is complex because the attacker needs to perform triage on the heap layout, and the values written into memory are repeated three times in a row, making it difficult to produce a valid payload [1].
Impact
Successful exploitation can lead to heap data corruption and potentially arbitrary code execution, allowing the attacker to bypass secure boot protections [1].
Mitigation
The vulnerability is fixed in grub-2.12 [1]. As a mitigation, users should upgrade to a patched version; for Gentoo, the recommended version is >=sys-boot/grub-2.06-r3 [2]. After upgrading, running grub-install is necessary to apply the fix [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
66- grub2/grub2description
- osv-coords65 versionspkg:rpm/almalinux/grub2-commonpkg:rpm/almalinux/grub2-efi-aa64pkg:rpm/almalinux/grub2-efi-aa64-cdbootpkg:rpm/almalinux/grub2-efi-aa64-modulespkg:rpm/almalinux/grub2-efi-ia32pkg:rpm/almalinux/grub2-efi-ia32-cdbootpkg:rpm/almalinux/grub2-efi-ia32-modulespkg:rpm/almalinux/grub2-efi-x64pkg:rpm/almalinux/grub2-efi-x64-cdbootpkg:rpm/almalinux/grub2-efi-x64-modulespkg:rpm/almalinux/grub2-pcpkg:rpm/almalinux/grub2-pc-modulespkg:rpm/almalinux/grub2-ppc64lepkg:rpm/almalinux/grub2-ppc64le-modulespkg:rpm/almalinux/grub2-toolspkg:rpm/almalinux/grub2-tools-efipkg:rpm/almalinux/grub2-tools-extrapkg:rpm/almalinux/grub2-tools-minimalpkg:rpm/almalinux/shim-aa64pkg:rpm/almalinux/shim-ia32pkg:rpm/almalinux/shim-unsigned-x64pkg:rpm/almalinux/shim-x64pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/grub2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/grub2&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 1:2.02-123.el8_6.8.alma+ 64 more
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.06-27.el9_0.7.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 1:2.02-123.el8_6.8.alma
- (no CPE)range: < 15.6-1.el8.alma
- (no CPE)range: < 15.6-1.el8.alma
- (no CPE)range: < 15.6-1.el8.alma
- (no CPE)range: < 15.6-1.el8.alma
- (no CPE)range: < 2.04-150300.22.20.2
- (no CPE)range: < 2.06-150400.11.5.2
- (no CPE)range: < 2.06-25.1
- (no CPE)range: < 2.02-137.2
- (no CPE)range: < 2.02-150100.123.12.2
- (no CPE)range: < 2.04-150200.9.63.2
- (no CPE)range: < 2.02-150100.123.12.2
- (no CPE)range: < 2.02-150100.123.12.2
- (no CPE)range: < 2.04-150200.9.63.2
- (no CPE)range: < 2.04-150200.9.63.2
- (no CPE)range: < 2.02-150000.122.12.2
- (no CPE)range: < 2.02-150000.122.12.2
- (no CPE)range: < 2.04-150300.3.5.1
- (no CPE)range: < 2.04-150300.22.20.2
- (no CPE)range: < 2.04-150300.22.20.2
- (no CPE)range: < 2.06-150400.11.5.2
- (no CPE)range: < 2.04-150300.22.20.2
- (no CPE)range: < 2.06-150400.11.5.2
- (no CPE)range: < 2.02-115.67.2
- (no CPE)range: < 2.02-137.2
- (no CPE)range: < 2.02-137.2
- (no CPE)range: < 2.02-143.2
- (no CPE)range: < 2.02-143.2
- (no CPE)range: < 2.02-150100.123.12.2
- (no CPE)range: < 2.02-150100.123.12.2
- (no CPE)range: < 2.04-150200.9.63.2
- (no CPE)range: < 2.04-150200.9.63.2
- (no CPE)range: < 2.02-150000.122.12.2
- (no CPE)range: < 2.02-137.2
- (no CPE)range: < 2.02-143.2
- (no CPE)range: < 2.02-143.2
- (no CPE)range: < 2.02-150000.122.12.2
- (no CPE)range: < 2.02-150100.123.12.2
- (no CPE)range: < 2.04-150200.9.63.2
- (no CPE)range: < 2.04-150200.9.63.2
- (no CPE)range: < 2.04-150300.22.20.2
- (no CPE)range: < 2.06-150400.11.5.2
- (no CPE)range: < 2.04-150200.9.63.2
- (no CPE)range: < 2.04-150200.9.63.2
- (no CPE)range: < 2.02-137.2
- (no CPE)range: < 2.02-143.2
- (no CPE)range: < 2.02-137.2
- (no CPE)range: < 2.02-143.2
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3- security.gentoo.org/glsa/202209-12mitrevendor-advisoryx_refsource_GENTOO
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20220930-0001/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.