VYPR
Unrated severity · NVD Advisory · Published Jul 6, 2022 · Updated Aug 3, 2024

CVE-2021-3696

Description

A heap out-of-bounds write in GRUB2's PNG reader Huffman table handling could lead to data corruption; exploitation is complex but may allow secure boot bypass.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap out-of-bounds write vulnerability exists in the PNG reader of GRUB2 versions prior to grub-2.12. The flaw occurs during the handling of Huffman tables when decoding a crafted PNG image. The attacker must supply a specially crafted PNG file that triggers the out-of-bounds write in heap memory. [1]

Exploitation

Exploitation requires the attacker to have the ability to load a malicious PNG image into GRUB2, for example by placing it on a boot partition or via a network boot. The attacker must carefully control the encoding and positioning of corrupted Huffman entries to achieve a write beyond the allocated heap buffer. The complexity is high, as noted in the description. [1]

Impact

Successful exploitation could lead to data corruption in heap space. While the confidentiality, integrity, and availability impacts are considered Low, under specific conditions an attacker might achieve arbitrary code execution or circumvent secure boot protections. [1][2]

Mitigation

The issue is fixed in GRUB2 version grub-2.12. Red Hat has addressed the issue in various products via RHSA-2022:5098, RHSA-2022:5096, and RHSA-2022:5099. Gentoo recommends upgrading to >=sys-boot/grub-2.06-r3. Users should upgrade their GRUB2 installation and then run grub-install to apply the fix. [1][2]

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

67

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3
