CVE-2021-3697
Description
A heap buffer underflow in GRUB2's JPEG reader (prior to 2.12) lets an attacker write controlled data, enabling code execution or secure boot bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The JPEG image decoder in GRUB2 versions prior to grub-2.12 contains a heap buffer underflow flaw. When processing a specially crafted JPEG image, the reader can underflow its internal data pointer, resulting in a write of user-controlled data to heap memory [1]. The vulnerability resides in the JPEG parsing code and is triggered by a maliciously formed image file.
Exploitation
An attacker with the ability to deliver a crafted JPEG image to a target system (e.g., by physical access during boot or by controlling the boot image) must first perform heap layout triage to align the underflow write with a sensitive memory location. After crafting a JPEG image with a specific malicious format and payload, the attacker causes the underflow during decoding, writing controlled data to the heap [1].
Impact
Successful exploitation leads to data corruption within the heap and can escalate to arbitrary code execution in the GRUB environment. This can potentially subvert secure boot, allowing the attacker to bypass integrity verification and execute unauthorized code [1].
Mitigation
The issue is fixed in GRUB 2.12. Red Hat released patches via RHSA-2022:5095, RHSA-2022:5096, RHSA-2022:5098, and RHSA-2022:5099 [1]. Gentoo recommends upgrading to >=sys-boot/grub-2.06-r3 and running grub-install afterwards [2]. No workaround exists before applying the update.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- grub2/grub2 (description)
osv-coords (65 versions; each package with its affected range):
- pkg:rpm/almalinux/grub2-common (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-efi-aa64 (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-efi-aa64-cdboot (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-efi-aa64-modules (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-efi-ia32 (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-efi-ia32-cdboot (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-efi-ia32-modules (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-efi-x64 (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-efi-x64-cdboot (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-efi-x64-modules (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-pc (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-pc-modules (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-ppc64le (no CPE), range: < 1:2.06-27.el9_0.7.alma
- pkg:rpm/almalinux/grub2-ppc64le-modules (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-tools (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-tools-efi (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-tools-extra (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/grub2-tools-minimal (no CPE), range: < 1:2.02-123.el8_6.8.alma
- pkg:rpm/almalinux/shim-aa64 (no CPE), range: < 15.6-1.el8.alma
- pkg:rpm/almalinux/shim-ia32 (no CPE), range: < 15.6-1.el8.alma
- pkg:rpm/almalinux/shim-unsigned-x64 (no CPE), range: < 15.6-1.el8.alma
- pkg:rpm/almalinux/shim-x64 (no CPE), range: < 15.6-1.el8.alma
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 2.04-150300.22.20.2
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 2.06-150400.11.5.2
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Tumbleweed (no CPE), range: < 2.06-25.1
- pkg:rpm/suse/grub2&distro=HPE%20Helion%20OpenStack%208 (no CPE), range: < 2.02-137.2
- pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%206 (no CPE), range: < 2.02-150100.123.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%207 (no CPE), range: < 2.04-150200.9.63.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS (no CPE), range: < 2.02-150100.123.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 2.02-150100.123.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS (no CPE), range: < 2.04-150200.9.63.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 2.04-150200.9.63.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 2.02-150000.122.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 2.02-150000.122.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE), range: < 2.04-150300.3.5.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 2.04-150300.22.20.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 2.04-150300.22.20.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 (no CPE), range: < 2.06-150400.11.5.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 (no CPE), range: < 2.04-150300.22.20.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4 (no CPE), range: < 2.06-150400.11.5.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 2.02-115.67.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE), range: < 2.02-137.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS (no CPE), range: < 2.02-137.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE), range: < 2.02-143.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 2.02-143.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL (no CPE), range: < 2.02-150100.123.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 2.02-150100.123.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL (no CPE), range: < 2.04-150200.9.63.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE), range: < 2.04-150200.9.63.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 2.02-150000.122.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 2.02-137.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 2.02-143.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 2.02-143.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 2.02-150000.122.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 2.02-150100.123.12.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE), range: < 2.04-150200.9.63.2
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%204.1 (no CPE), range: < 2.04-150200.9.63.2
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%20Module%204.2 (no CPE), range: < 2.04-150300.22.20.2
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%20Module%204.3 (no CPE), range: < 2.06-150400.11.5.2
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 (no CPE), range: < 2.04-150200.9.63.2
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Server%204.1 (no CPE), range: < 2.04-150200.9.63.2
- pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%208 (no CPE), range: < 2.02-137.2
- pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%209 (no CPE), range: < 2.02-143.2
- pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 (no CPE), range: < 2.02-137.2
- pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE), range: < 2.02-143.2
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- security.gentoo.org/glsa/202209-12 (mitre, vendor-advisory, x_refsource_GENTOO)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- security.netapp.com/advisory/ntap-20220930-0001/ (mitre, x_refsource_CONFIRM)