CVE-2021-3695
First published: Mon Aug 09 2021(Updated: )
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/grub2 | 2.06-3~deb10u1 2.06-3~deb10u3 2.06-3~deb11u5 2.06-3~deb11u4 2.06-13 2.12~rc1-9 | |
| redhat/grub2 | <1:2.02-123.el8_6.8 | 1:2.02-123.el8_6.8 |
| redhat/grub2 | <1:2.02-87.el8_1.10 | 1:2.02-87.el8_1.10 |
| redhat/grub2 | <1:2.02-87.el8_2.10 | 1:2.02-87.el8_2.10 |
| redhat/grub2 | <1:2.02-99.el8_4.9 | 1:2.02-99.el8_4.9 |
| redhat/grub2 | <1:2.06-27.el9_0.7 | 1:2.06-27.el9_0.7 |
| redhat/grub | <2.12 | 2.12 |
| Gnu Grub2 | >=2.00<2.12 | |
| Fedoraproject Fedora | =36 | |
| Redhat Developer Tools | =1.0 | |
| Redhat Openshift | =3.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =8.1 | |
| Redhat Enterprise Linux | =8.4 | |
| Redhat Enterprise Linux | =9.0 | |
| Redhat Enterprise Linux Eus | =8.2 | |
| Redhat Enterprise Linux Eus | =8.4 | |
| Redhat Enterprise Linux Eus | =8.6 | |
| Redhat Enterprise Linux Eus | =9.0 | |
| Redhat Enterprise Linux For Power Little Endian | =8.0 | |
| Redhat Enterprise Linux For Power Little Endian | =9.0 | |
| Redhat Enterprise Linux For Power Little Endian Eus | =8.2 | |
| Redhat Enterprise Linux For Power Little Endian Eus | =8.4 | |
| Redhat Enterprise Linux For Power Little Endian Eus | =8.6 | |
| Redhat Enterprise Linux For Power Little Endian Eus | =9.0 | |
| Redhat Enterprise Linux Server Aus | =8.2 | |
| Redhat Enterprise Linux Server Aus | =8.4 | |
| Redhat Enterprise Linux Server Aus | =8.6 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.1 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.2 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.4 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.6 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =9.0 | |
| Redhat Enterprise Linux Server Tus | =8.2 | |
| Redhat Enterprise Linux Server Tus | =8.4 | |
| Redhat Enterprise Linux Server Tus | =8.6 | |
| Redhat Openshift Container Platform | =4.6 | |
| Redhat Openshift Container Platform | =4.9 | |
| Redhat Openshift Container Platform | =4.10 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Codeready Linux Builder | ||
| Redhat Enterprise Linux | =9.0 | |
| Redhat Enterprise Linux Eus | =8.2 | |
| Redhat Enterprise Linux Eus | =8.4 | |
| Redhat Enterprise Linux Eus | =8.6 | |
| Redhat Enterprise Linux Eus | =9.0 | |
| NetApp ONTAP Select Deploy administration utility |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1991685
- https://security.gentoo.org/glsa/202209-12
- https://security.netapp.com/advisory/ntap-20220930-0001/
- https://launchpad.net/bugs/cve/CVE-2021-3695
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2094468
- https://access.redhat.com/errata/RHSA-2022:5098
- https://access.redhat.com/errata/RHSA-2022:5096
- https://access.redhat.com/errata/RHSA-2022:5099
- https://access.redhat.com/errata/RHSA-2022:5095
- https://access.redhat.com/errata/RHSA-2022:5100
- https://access.redhat.com/security/cve/cve-2021-3695
- https://www.cve.org/CVERecord?id=CVE-2021-3695 https://nvd.nist.gov/vuln/detail/CVE-2021-3695
- https://www.openwall.com/lists/oss-security/2022/06/07/5
- https://security-tracker.debian.org/tracker/CVE-2021-3695
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695
- https://nvd.nist.gov/vuln/detail/CVE-2021-3695
- https://ubuntu.com/security/CVE-2021-3695
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2021-3695?
CVE-2021-3695 is a vulnerability in grub 2 that may lead to heap data corruption or arbitrary code execution.
How severe is CVE-2021-3695?
CVE-2021-3695 has a severity rating of 7 (high).
What is the affected software?
The affected software includes Redhat Enterprise Linux versions 8.0 to 8.6, Redhat Codeready Linux Builder, and Netapp Ontap Select Deploy Administration Utility.
How can CVE-2021-3695 be exploited?
CVE-2021-3695 can be exploited through a crafted 16-bit grayscale PNG image that triggers an out-of-bounds write in the heap area.
Where can I find more information about CVE-2021-3695?
You can find more information about CVE-2021-3695 on the CVE website, NIST National Vulnerability Database, Redhat Bugzilla, and Redhat Access Portal.
- collector/usn-cve
- collector/launchpad-cve
- collector/security-tracker-debian
- collector/redhat-cve
- agent/author
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3695
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- package-manager/debian
- package-manager/redhat
- vendor/gnu
- canonical/gnu grub2
- version/gnu grub2/2.00
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- vendor/redhat
- canonical/redhat developer tools
- version/redhat developer tools/1.0
- canonical/redhat openshift
- version/redhat openshift/3.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/8.1
- version/redhat enterprise linux/8.4
- version/redhat enterprise linux/9.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/8.2
- version/redhat enterprise linux eus/8.4
- version/redhat enterprise linux eus/8.6
- version/redhat enterprise linux eus/9.0
- canonical/redhat enterprise linux for power little endian
- version/redhat enterprise linux for power little endian/8.0
- version/redhat enterprise linux for power little endian/9.0
- canonical/redhat enterprise linux for power little endian eus
- version/redhat enterprise linux for power little endian eus/8.2
- version/redhat enterprise linux for power little endian eus/8.4
- version/redhat enterprise linux for power little endian eus/8.6
- version/redhat enterprise linux for power little endian eus/9.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/8.2
- version/redhat enterprise linux server aus/8.4
- version/redhat enterprise linux server aus/8.6
- canonical/redhat enterprise linux server for power little endian update services for sap solutions
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.1
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.2
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.4
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.6
- version/redhat enterprise linux server for power little endian update services for sap solutions/9.0
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/8.2
- version/redhat enterprise linux server tus/8.4
- version/redhat enterprise linux server tus/8.6
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.6
- version/redhat openshift container platform/4.9
- version/redhat openshift container platform/4.10
- canonical/redhat codeready linux builder
- vendor/netapp
- canonical/netapp ontap select deploy administration utility