AVG-2762 log

Package grub
Status Vulnerable
Severity High
Type multiple issues
Affected 2:2.06-5
Fixed Unknown
Current 2:2.06.r380.g151467888-1 [core]
Ticket Create
Created Wed Jun 8 10:10:47 2022
Issue Severity Remote Type Description
CVE-2022-28737 Medium No Arbitrary code execution
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account...
CVE-2022-28736 Medium No Arbitrary code execution
There's a use-after-free vulnerability in grub_cmd_chainloader() function. The chainloader command is used to boot up operating systems that doesn't support...
CVE-2022-28735 Medium No Insufficient validation
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to...
CVE-2022-28734 High Yes Unknown
When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write...
CVE-2022-28733 High Yes Arbitrary code execution
A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances...
CVE-2021-3697 High No Arbitrary code execution
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user controlled data to be written in heap. To be successfully...
CVE-2021-3696 Medium No Arbitrary code execution
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space....
CVE-2021-3695 High No Arbitrary code execution
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data...
References
https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
Notes
the linked mail is followed by 30 mails with the patches