CVE-2021-3695
First published: Mon Aug 09 2021(Updated: )
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/grub2 | 2.06-3~deb10u1 2.06-3~deb10u3 2.06-3~deb11u5 2.06-3~deb11u4 2.06-13 2.12~rc1-9 | |
| redhat/grub2 | <1:2.02-123.el8_6.8 | 1:2.02-123.el8_6.8 |
| redhat/grub2 | <1:2.02-87.el8_1.10 | 1:2.02-87.el8_1.10 |
| redhat/grub2 | <1:2.02-87.el8_2.10 | 1:2.02-87.el8_2.10 |
| redhat/grub2 | <1:2.02-99.el8_4.9 | 1:2.02-99.el8_4.9 |
| redhat/grub2 | <1:2.06-27.el9_0.7 | 1:2.06-27.el9_0.7 |
| redhat/grub | <2.12 | 2.12 |
| CentOS Grub2-pc-modules | >=2.00<2.12 | |
| Red Hat Fedora | =36 | |
| Red Hat Developer Tools | =1.0 | |
| Red Hat OpenShift | =3.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =8.1 | |
| Red Hat Enterprise Linux | =8.4 | |
| Red Hat Enterprise Linux | =9.0 | |
| Red Hat Enterprise Linux Server EUS | =8.2 | |
| Red Hat Enterprise Linux Server EUS | =8.4 | |
| Red Hat Enterprise Linux Server EUS | =8.6 | |
| Red Hat Enterprise Linux Server EUS | =9.0 | |
| Red Hat Enterprise Linux for Power, little endian | =8.0 | |
| Red Hat Enterprise Linux for Power, little endian | =9.0 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.2 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.4 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.6 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.0 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.1 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.2 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.4 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.6 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.0 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Red Hat OpenShift Container Platform | =4.6 | |
| Red Hat OpenShift Container Platform | =4.9 | |
| Red Hat OpenShift Container Platform | =4.10 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat CodeReady Linux Builder | ||
| Red Hat Enterprise Linux | =9.0 | |
| Red Hat Enterprise Linux Server EUS | =8.2 | |
| Red Hat Enterprise Linux Server EUS | =8.4 | |
| Red Hat Enterprise Linux Server EUS | =8.6 | |
| Red Hat Enterprise Linux Server EUS | =9.0 | |
| NetApp ONTAP Select Deploy |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1991685
- https://security.gentoo.org/glsa/202209-12
- https://security.netapp.com/advisory/ntap-20220930-0001/
- https://launchpad.net/bugs/cve/CVE-2021-3695
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2094468
- https://access.redhat.com/errata/RHSA-2022:5098
- https://access.redhat.com/errata/RHSA-2022:5096
- https://access.redhat.com/errata/RHSA-2022:5099
- https://access.redhat.com/errata/RHSA-2022:5095
- https://access.redhat.com/errata/RHSA-2022:5100
- https://access.redhat.com/security/cve/cve-2021-3695
- https://www.cve.org/CVERecord?id=CVE-2021-3695 https://nvd.nist.gov/vuln/detail/CVE-2021-3695
- https://www.openwall.com/lists/oss-security/2022/06/07/5
- https://security-tracker.debian.org/tracker/CVE-2021-3695
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695
- https://nvd.nist.gov/vuln/detail/CVE-2021-3695
- https://ubuntu.com/security/CVE-2021-3695
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2021-3695?
CVE-2021-3695 is a vulnerability in grub 2 that may lead to heap data corruption or arbitrary code execution.
How severe is CVE-2021-3695?
CVE-2021-3695 has a severity rating of 7 (high).
What is the affected software?
The affected software includes Redhat Enterprise Linux versions 8.0 to 8.6, Redhat Codeready Linux Builder, and Netapp Ontap Select Deploy Administration Utility.
How can CVE-2021-3695 be exploited?
CVE-2021-3695 can be exploited through a crafted 16-bit grayscale PNG image that triggers an out-of-bounds write in the heap area.
Where can I find more information about CVE-2021-3695?
You can find more information about CVE-2021-3695 on the CVE website, NIST National Vulnerability Database, Redhat Bugzilla, and Redhat Access Portal.
- collector/usn-cve
- collector/launchpad-cve
- collector/security-tracker-debian
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3695
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/debian
- package-manager/redhat
- vendor/gnu
- canonical/centos grub2-pc-modules
- version/centos grub2-pc-modules/2.00
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/36
- vendor/redhat
- canonical/red hat developer tools
- version/red hat developer tools/1.0
- canonical/red hat openshift
- version/red hat openshift/3.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/8.1
- version/red hat enterprise linux/8.4
- version/red hat enterprise linux/9.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/8.2
- version/red hat enterprise linux server eus/8.4
- version/red hat enterprise linux server eus/8.6
- version/red hat enterprise linux server eus/9.0
- canonical/red hat enterprise linux for power, little endian
- version/red hat enterprise linux for power, little endian/8.0
- version/red hat enterprise linux for power, little endian/9.0
- canonical/red hat enterprise linux for power, little endian - extended update support
- version/red hat enterprise linux for power, little endian - extended update support/8.2
- version/red hat enterprise linux for power, little endian - extended update support/8.4
- version/red hat enterprise linux for power, little endian - extended update support/8.6
- version/red hat enterprise linux for power, little endian - extended update support/9.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/8.2
- version/red hat enterprise linux server/8.4
- version/red hat enterprise linux server/8.6
- canonical/red hat enterprise linux for sap applications for power, little endian - extended update support
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.1
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.2
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.4
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.6
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/9.0
- canonical/red hat openshift container platform
- version/red hat openshift container platform/4.6
- version/red hat openshift container platform/4.9
- version/red hat openshift container platform/4.10
- canonical/red hat codeready linux builder
- vendor/netapp
- canonical/netapp ontap select deploy