CVE-2022-2601
Description
A heap buffer overflow in GRUB2's font parser (grub_font_construct_glyph) allows a crafted PF2 font to bypass Secure Boot.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap buffer overflow vulnerability exists in the grub_font_construct_glyph() function of the GRUB2 bootloader. A crafted PF2 font file can cause an integer overflow when calculating the max_glyph_size value, leading to allocation of a buffer smaller than required. This enables a heap-based out-of-bounds write. Affected versions include GRUB2 prior to the patches issued in December 2022 for Red Hat Enterprise Linux [2], and before version 2.06-r4 for Gentoo [3]. Microsoft also issued a related update in August 2024 targeting Secure Boot bypass [1].
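The size-calculation flaw described above, shown as an added example that is not GRUB's code and is not taken from the fix. The function names, the 16-byte header and the width-by-height formula are assumptions chosen to show how a wrapped 32-bit size yields an undersized allocation and how a checked calculation rejects the same input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GLYPH_HDR_SIZE 16u /* assumed header size, illustrative only */

/* Unchecked pattern: the 32-bit product wraps silently. */
uint32_t glyph_size_unchecked(uint32_t width, uint32_t height)
{
    return GLYPH_HDR_SIZE + (width * height + 7u) / 8u;
}

/* Bytes the bitmap really needs, computed in 64 bits for comparison. */
uint64_t glyph_size_needed(uint32_t width, uint32_t height)
{
    return GLYPH_HDR_SIZE + ((uint64_t)width * height + 7u) / 8u;
}

/* Hardened pattern: reject zero dimensions and any step that would wrap. */
bool glyph_size_checked(uint32_t width, uint32_t height, uint32_t *out)
{
    uint32_t bits;

    if (width == 0 || height == 0)
        return false;
    if (width > UINT32_MAX / height)   /* width * height would overflow */
        return false;
    bits = width * height;
    if (bits > UINT32_MAX - 7u)        /* rounding up to bytes would overflow */
        return false;
    /* (bits + 7) / 8 is at most 2^29, so adding the header cannot wrap. */
    *out = GLYPH_HDR_SIZE + (bits + 7u) / 8u;
    return true;
}

int main(void)
{
    uint32_t w = 0x10000u, h = 0x10000u, size = 0; /* constructed dimensions */

    printf("unchecked: %u bytes, needed: %llu bytes\n",
           glyph_size_unchecked(w, h),
           (unsigned long long)glyph_size_needed(w, h));
    printf("checked accepts: %s\n",
           glyph_size_checked(w, h, &size) ? "yes" : "no");
    return 0;
}
```

A parser that allocates the unchecked size and then writes the full bitmap writes past the end of the buffer; the checked variant fails closed before any allocation happens.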
Exploitation
An attacker with the ability to load a malicious PF2 font (e.g., via local access or by compromising the boot process) can trigger the overflow. No authentication is required if the attacker already controls the boot environment, and user interaction may involve booting a system configured to load the tainted font. The overflow occurs during glyph construction, where the heap buffer write exceeds the allocated size.
Impact
Successful exploitation results in a heap-based out-of-bounds write, which can be leveraged to corrupt memory and execute arbitrary code within the GRUB context. This would allow an attacker to bypass Secure Boot protections, load untrusted boot components, and gain persistence or execute unsigned code during the boot process [1][2].
Mitigation
Red Hat addressed the issue in Red Hat Enterprise Linux via RHSA-2022:8800 on December 6, 2022 [2]. Gentoo released version >=sys-boot/grub-2.06-r4 [3]. Users should update GRUB to the latest patched version provided by their distribution. No workaround is available; the vulnerability requires a software fix. Microsoft's August 2024 update also revokes vulnerable GRUB bootloaders via SBAT data to prevent Secure Boot bypass [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
osv-coords: 59 versions
- pkg:rpm/almalinux/grub2-common (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-efi-aa64 (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-efi-aa64-cdboot (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-efi-aa64-modules (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-efi-ia32 (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-efi-ia32-cdboot (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-efi-ia32-modules (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-efi-x64 (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-efi-x64-cdboot (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-efi-x64-modules (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-pc (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-pc-modules (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-ppc64le (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-ppc64le-modules (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-tools (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-tools-efi (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-tools-extra (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/almalinux/grub2-tools-minimal (no CPE) range: < 1:2.02-142.el8_7.1.alma
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.3 (no CPE) range: < 2.04-150300.22.25.1
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.4 (no CPE) range: < 2.06-150400.11.17.1
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%20Micro%205.2 (no CPE) range: < 2.04-150300.22.25.1
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%20Micro%205.3 (no CPE) range: < 2.06-150400.11.17.1
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Tumbleweed (no CPE) range: < 2.06-31.1
- pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%206 (no CPE) range: < 2.02-150100.123.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%207 (no CPE) range: < 2.04-150200.9.68.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS (no CPE) range: < 2.02-150100.123.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE) range: < 2.02-150100.123.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS (no CPE) range: < 2.04-150200.9.68.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE) range: < 2.04-150200.9.68.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE) range: < 2.02-150000.122.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE) range: < 2.02-150000.122.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE) range: < 2.04-150300.3.8.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE) range: < 2.04-150300.22.25.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE) range: < 2.06-150400.11.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE) range: < 2.04-150300.22.25.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 (no CPE) range: < 2.06-150400.11.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 (no CPE) range: < 2.04-150300.22.25.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4 (no CPE) range: < 2.06-150400.11.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE) range: < 2.02-115.72.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE) range: < 2.02-142.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE) range: < 2.02-153.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE) range: < 2.02-153.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL (no CPE) range: < 2.02-150100.123.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE) range: < 2.02-150100.123.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL (no CPE) range: < 2.04-150200.9.68.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE) range: < 2.04-150200.9.68.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE) range: < 2.02-150000.122.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE) range: < 2.02-153.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE) range: < 2.02-153.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE) range: < 2.02-150000.122.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE) range: < 2.02-150100.123.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE) range: < 2.04-150200.9.68.1
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%204.1 (no CPE) range: < 2.04-150200.9.68.1
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%20Module%204.2 (no CPE) range: < 2.04-150300.22.25.1
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%20Module%204.3 (no CPE) range: < 2.06-150400.11.17.1
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 (no CPE) range: < 2.04-150200.9.68.1
- pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Server%204.1 (no CPE) range: < 2.04-150200.9.68.1
- pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%209 (no CPE) range: < 2.02-153.1
- pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE) range: < 2.02-153.1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 4
News mentions: 0
No linked articles in our index yet.