Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences — CVE-2022-3775

Zusammenfassung

Sicherheitshinweis CVE-2022-3775. Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences Hersteller: Microsoft. Quelle: MSRC. Risiko: high. CVSS 7.1. Details in der offiziellen Quelle.

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

• Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
• Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
• Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
• Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Zur offiziellen Quelle

Mehr dazu

• .NET and Visual Studio Denial of Service Vulnerability CVE-2024-38168
• Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2024-38098
• Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2024-38162
• Azure CycleCloud Remote Code Execution Vulnerability CVE-2024-38195
• Azure IoT SDK Remote Code Execution Vulnerability CVE-2024-38157
• Azure IoT SDK Remote Code Execution Vulnerability CVE-2024-38158
• Azure Stack Hub Elevation of Privilege Vulnerability CVE-2024-38201
• bna: adjust 'name' buf size of bna_tcb and bna_ccb structures CVE-2024-43839
• Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses. CVE-2024-42040
• Clipboard Virtual Channel Extension Remote Code Execution Vulnerability CVE-2024-38131
• Expired Pointer Dereference in Wireshark CVE-2024-8250
• f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC CVE-2024-44942