[Bugs] [Bug 13528] New: [CVE 21] grub2 2.06 CVEs found
bugzilla
bugzilla at rosalinux.ru
Wed Aug 23 23:19:49 MSK 2023
https://bugzilla.rosalinux.ru/show_bug.cgi?id=13528
Platform: 2021.1
Bug ID: 13528
Summary: [CVE 21] grub2 2.06 CVEs found
Classification: ROSA-based products
Product: ROSA Fresh
Version: All
Hardware: All
URL: CVE-2022-28733, CVE-2022-28734, CVE-2022-28735, CVE-2022-28736,
OS: Linux
Status: CONFIRMED
Severity: normal
Priority: Normal
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: bugs at lists.rosalinux.ru
Reporter: y.tumanov at rosalinux.ru
QA Contact: bugs at lists.rosalinux.ru
CC: e.kosachev at rosalinux.ru, s.matveev at rosalinux.ru, y.tumanov at rosalinux.ru
Target Milestone: ---
Flags: secteam_verified?
Please patch CVEs for package grub2 version 2.06
INFO (CVEs are): grub2 2.06
cves found
CVE-2022-28733
Desc: Integer underflow in grub_net_recv_ip4_packets; A maliciously crafted IP
packet can lead to an integer underflow in grub_net_recv_ip4_packets() function
on rsm->total_len value. Under certain circumstances the total_len value may
end up wrapping around to a small integer number which will be used in memory
allocation. If the attack succeeds in such a way, subsequent operations can write
past the end of the buffer.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-28733
Severity: HIGH
CVE-2022-28734
Desc: Out-of-bounds write when handling split HTTP headers; When handling split
HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point
by one position. This can lead to an out-of-bound write further when parsing the
HTTP request, writing a NULL byte past the buffer. It's conceivable that an
attacker controlled set of packets can lead to corruption of the GRUB2's
internal memory metadata.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-28734
Severity: CRITICAL
CVE-2022-28735
Desc: The GRUB2's shim_lock verifier allows non-kernel files to be loaded on
shim-powered secure boot systems. Allowing such files to be loaded may lead to
unverified code and modules to be loaded in GRUB2 breaking the secure boot
trust-chain.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-28735
Severity: HIGH
CVE-2022-28736
Desc: There's a use-after-free vulnerability in grub_cmd_chainloader()
function; The chainloader command is used to boot up operating systems that
don't support multiboot and do not have direct support from GRUB2. When
executing chainloader more than once a use-after-free vulnerability is
triggered. If an attacker can control the GRUB2's memory allocation pattern
sensitive data may be exposed and arbitrary code execution can be achieved.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-28736
Severity: HIGH