CVE-2022-28736 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Arbitrary code execution |
| Description | There's a use-after-free vulnerability in grub_cmd_chainloader() function. The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2762 | grub | 2:2.06-5 | High | Vulnerable |