Bug 1191186 - (CVE-2021-3697) VUL-0: CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow write in the heap
(CVE-2021-3697)
VUL-0: CVE-2021-3697: grub2: Crafted JPEG image can lead to buffer underflow ...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Bootloader Maintainers
Security Team bot
CVSSv3.1:SUSE:CVE-2021-3697:7.5:(AV:L...
:
Depends on:
Blocks: 1198581
  Show dependency treegraph
 
Reported: 2021-09-30 12:21 UTC by Marcus Meissner
Modified: 2022-07-28 12:29 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
0012-jpeg-block-int-underflow-wild-pointer-write.patch (1.84 KB, patch)
2021-09-30 12:29 UTC, Marcus Meissner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2021-09-30 12:29:36 UTC
Created attachment 852850 [details]
0012-jpeg-block-int-underflow-wild-pointer-write.patch

keybase has a patch bundle,

0012-jpeg-block-int-underflow-wild-pointer-write.patch

  I think.
Comment 2 Marcus Meissner 2021-11-04 14:02:48 UTC
This is an embargoed bug. This means that this information is not public.

Please do NOT:
- talk to other people about this unless they're involved in fixing the issue
- make this bug public
- submit this into OBS (e.g. fix Leap/Tumbleweed) until this bug becomes public (e.g. no EMBARGOED tag on the header)

Consult with security team if you think that the issue is public and the bug is still private (e.g. subject still contains "EMBARGOED").

Please do NOT make the bug public yourself!

Please be aware that the SUSE:SLE-15-SP4:GA codestream is available via OBS, so do NOT submit there before this is public.

These are the steps that are asked from you:
1, Your primary responsibility is to submit a fix for this issue. Here's a how-to for submitting packages for maintenance releases in IBS:
   https://confluence.suse.com/display/maintenance/How+to+Submit+Packages+or+Containers+to+Maintenance
   Apart from the GA codestreams mentioned above, you can submit to IBS anytime. This is private and allows us to start testing as soon as possible.
2, We also want to fix openSUSE if it's affected.
   $ is_maintained $PACKAGE
   will tell you if the package is inherited from SLES or if it is branched for openSUSE. There are two cases:
   - It's coming from SLES: The update will automatically be released for openSUSE. Nothing to do for you.
   - It's branched for openSUSE: You need to submit AFTER the bug became public, to the current openSUSE codestreams.
   For openSUSE Factory please submit to the devel project of your package AFTER the bug became public.

Security will then take the following steps:
- We wait for your submission and package them into an incident for QA testing. The QA tester might reach out to you if they find issues with the update.
- Once the coordinated release date (CRD), the date this issue should become public, is reached (or for internal findings: once we're done testing), we remove the EMBARGOED tag from this bug and publish the updates.
- Only if the bug here is public you may submit to public repositories (OBS).

You can contact us at:

* IRC: irc.suse.de #security
* Do NOT use Slack or any non-SUSE hosted messaging services
* Email: security-team@suse.de
Comment 3 Marcus Meissner 2021-12-01 12:38:21 UTC
CRD: 2022-04-26
Comment 4 Marcus Meissner 2022-04-20 11:13:13 UTC
CRD: 2022-05-24
Comment 5 Marcus Meissner 2022-05-16 09:13:56 UTC
New CRD was set to allow shim code to be ready.

CRD: 2022-06-07 10:00PT
Comment 9 Marcus Meissner 2022-06-07 18:13:35 UTC
public now
Comment 10 Swamp Workflow Management 2022-06-10 13:15:34 UTC
SUSE-SU-2022:2037-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    grub2-2.02-137.2
SUSE OpenStack Cloud 8 (src):    grub2-2.02-137.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    grub2-2.02-137.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    grub2-2.02-137.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    grub2-2.02-137.2
HPE Helion Openstack 8 (src):    grub2-2.02-137.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-06-10 13:16:55 UTC
SUSE-SU-2022:2035-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (src):    grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    grub2-2.06-150400.11.5.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-06-10 13:18:08 UTC
SUSE-SU-2022:2039-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    grub2-2.02-115.67.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-06-10 13:19:19 UTC
SUSE-SU-2022:2041-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    grub2-2.02-150100.123.12.2
SUSE Enterprise Storage 6 (src):    grub2-2.02-150100.123.12.2
SUSE CaaS Platform 4.0 (src):    grub2-2.02-150100.123.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-06-10 13:21:31 UTC
SUSE-SU-2022:2036-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    grub2-2.02-150000.122.12.2
SUSE Linux Enterprise Server 15-LTSS (src):    grub2-2.02-150000.122.12.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    grub2-2.02-150000.122.12.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    grub2-2.02-150000.122.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2022-06-10 13:22:43 UTC
SUSE-SU-2022:2038-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    grub2-2.02-143.2
SUSE OpenStack Cloud 9 (src):    grub2-2.02-143.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    grub2-2.02-143.2
SUSE Linux Enterprise Server 12-SP5 (src):    grub2-2.02-143.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    grub2-2.02-143.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-06-13 19:16:21 UTC
SUSE-SU-2022:2064-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Micro 5.2 (src):    grub2-2.04-150300.22.20.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2022-06-14 13:16:14 UTC
SUSE-SU-2022:2074-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    grub2-2.04-150200.9.63.2
SUSE Manager Retail Branch Server 4.1 (src):    grub2-2.04-150200.9.63.2
SUSE Manager Proxy 4.1 (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server 15-SP2-BCL (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    grub2-2.04-150200.9.63.2
SUSE Enterprise Storage 7 (src):    grub2-2.04-150200.9.63.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2022-06-14 13:18:49 UTC
SUSE-SU-2022:2073-1: An update that solves 7 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1071559,1159205,1179981,1189769,1189874,1191184,1191185,1191186,1191504,1191974,1192522,1192622,1193282,1193532,1195204,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):    grub2-2.04-150300.3.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Benjamin Brunner 2022-07-28 12:29:31 UTC
Bulk-re-assigning to the new bootloader-maintainers@suse.de group.