Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2022:8494 - Security Advisory
Issued:
2022-11-16
Updated:
2022-11-16

RHSA-2022:8494 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: grub2 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grub2 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

  • grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
  • grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
  • BZ - 2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when redering certain unicode sequences

CVEs

  • CVE-2022-2601
  • CVE-2022-3775

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM
grub2-2.02-87.el8_1.11.src.rpm SHA-256: 5b9e2bd1e46cdcc47b9ca0c63caa4f119c6cd79dceb109e4889bee2b5a55ae7b
ppc64le
grub2-common-2.02-87.el8_1.11.noarch.rpm SHA-256: 83b53756c5e09d6a0161fc0d769e16f835f621ab2009ca69dc944c7e749e4fe1
grub2-debuginfo-2.02-87.el8_1.11.ppc64le.rpm SHA-256: 2ab177b25988c21e294720bdd7cba58fff2d1ff01448fe4ec9adaee06b216778
grub2-debugsource-2.02-87.el8_1.11.ppc64le.rpm SHA-256: b3bbacc8af1ae867aab305b5a921301bdbede95325c8633750fe75fdd47d8047
grub2-efi-aa64-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: 722c88624dfafe82e5881d04d85d2b1727d50c4729e9524742211c83c619d76c
grub2-efi-ia32-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: c68884a074128a3cfc8b3703b0ab21fe478852916dd0e870f6e5e36350d589e1
grub2-efi-x64-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: c57ad032083461243601252f932aacf153d49a3c21d3ae58c05eee00b301f33f
grub2-pc-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: f1c91ff887587131d759293c31e21baeba965d95e8e20d46eb48b32d3c19e8ed
grub2-ppc64le-2.02-87.el8_1.11.ppc64le.rpm SHA-256: dfa43abfd5df8e821e1a5ee983c867bac36250ba6b2c72222de5fdbe4d579b25
grub2-ppc64le-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: 3350a0efafa9397461200da1379a5ead30159ce8359e0a31dcbf4b3a46a8971e
grub2-tools-2.02-87.el8_1.11.ppc64le.rpm SHA-256: bf2e43584585f2b4d5011fbdcc74bfb7e01b46bf5a4691c10b043f2a14af9de1
grub2-tools-debuginfo-2.02-87.el8_1.11.ppc64le.rpm SHA-256: de126fc30046f8fd25ceb568950cd21b0b9fa58c1c3058de35ce028b2b5689c9
grub2-tools-extra-2.02-87.el8_1.11.ppc64le.rpm SHA-256: 096f3a51b37dd05c3bc22f89e3d37b16cd071d73945b51b0783ee6b078661999
grub2-tools-extra-debuginfo-2.02-87.el8_1.11.ppc64le.rpm SHA-256: 97dacf3751e2f892709e9fffea6be24d5d82d6ae1e900c906aa3d74b43b7ffc7
grub2-tools-minimal-2.02-87.el8_1.11.ppc64le.rpm SHA-256: 6425212aea2c08fde46fbd9cbb84be43ad7beeb7acbdbe977a4720f7f8ff9956
grub2-tools-minimal-debuginfo-2.02-87.el8_1.11.ppc64le.rpm SHA-256: e181a6152751a5aad942b26ae4f9266a5af61dd54fbfc1a6cc93acfaf05690a0

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
grub2-2.02-87.el8_1.11.src.rpm SHA-256: 5b9e2bd1e46cdcc47b9ca0c63caa4f119c6cd79dceb109e4889bee2b5a55ae7b
x86_64
grub2-common-2.02-87.el8_1.11.noarch.rpm SHA-256: 83b53756c5e09d6a0161fc0d769e16f835f621ab2009ca69dc944c7e749e4fe1
grub2-debuginfo-2.02-87.el8_1.11.x86_64.rpm SHA-256: 355c5ed55fd1622f37872db267bdecde43b505754798c9ddaed5318b87da11a9
grub2-debugsource-2.02-87.el8_1.11.x86_64.rpm SHA-256: e8809d8ef881c311f8e646df93fa6b0f4c3749f96f516b8c8722ac7d4a41b0e2
grub2-efi-aa64-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: 722c88624dfafe82e5881d04d85d2b1727d50c4729e9524742211c83c619d76c
grub2-efi-ia32-2.02-87.el8_1.11.x86_64.rpm SHA-256: 436aacbd1ddcd4cd678e368c1f6077cc923fd43ff5590e573cf40ffdc4ee51eb
grub2-efi-ia32-cdboot-2.02-87.el8_1.11.x86_64.rpm SHA-256: f5fac28abf1b98c06ab8b16fad08ef8421041ff4382faf9af650391d89fa74ae
grub2-efi-ia32-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: c68884a074128a3cfc8b3703b0ab21fe478852916dd0e870f6e5e36350d589e1
grub2-efi-x64-2.02-87.el8_1.11.x86_64.rpm SHA-256: f19506413409968aa3d265d9aff8c94f052904dc5673db82a51321073f2ce1c6
grub2-efi-x64-cdboot-2.02-87.el8_1.11.x86_64.rpm SHA-256: 955b3dab8599004a3a2c67a1520e29cf7d9efa5f71f65582a412305264208ba5
grub2-efi-x64-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: c57ad032083461243601252f932aacf153d49a3c21d3ae58c05eee00b301f33f
grub2-pc-2.02-87.el8_1.11.x86_64.rpm SHA-256: 0620feb2243e3ef67634eaf9e3980effe7db34ff68eb8c636c3e09a0c7a15ca7
grub2-pc-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: f1c91ff887587131d759293c31e21baeba965d95e8e20d46eb48b32d3c19e8ed
grub2-ppc64le-modules-2.02-87.el8_1.11.noarch.rpm SHA-256: 3350a0efafa9397461200da1379a5ead30159ce8359e0a31dcbf4b3a46a8971e
grub2-tools-2.02-87.el8_1.11.x86_64.rpm SHA-256: e4c40c971303053e4537b2d2a1d89bf4e64856638ab30a581b879d682a1c65e8
grub2-tools-debuginfo-2.02-87.el8_1.11.x86_64.rpm SHA-256: 801fb219042cce49bb7c08300d7d055bf2e7e1a8278e5c3062ca1e3d7aa2d240
grub2-tools-efi-2.02-87.el8_1.11.x86_64.rpm SHA-256: 2314fe6b878a63f53119f03dd6c328539cacb58584c2e8afff1b15626fe60a1a
grub2-tools-efi-debuginfo-2.02-87.el8_1.11.x86_64.rpm SHA-256: 4b58864bef3e367d60e90b4d930bd236d897757f54203fee4e39dfdccc7200c3
grub2-tools-extra-2.02-87.el8_1.11.x86_64.rpm SHA-256: 8bd3abcdf5ad37442eea2c84afab52079d576d24f435544ed91cdfeba6c05f2f
grub2-tools-extra-debuginfo-2.02-87.el8_1.11.x86_64.rpm SHA-256: 7a5df6511c47141fda3b9bd746fdc2a69b635c1631d4d0b95781827ffbb59ad5
grub2-tools-minimal-2.02-87.el8_1.11.x86_64.rpm SHA-256: 1ab3b9d119d30f4b1069ff6efdf550f24f0160b5a4930bfd40a2a3069766ac37
grub2-tools-minimal-debuginfo-2.02-87.el8_1.11.x86_64.rpm SHA-256: 616c71adbffb324896a88da1b192675ee7cf6fbb063b84558e69e90596986ebb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility