grub

Description GNU GRand Unified Bootloader (2)
Version 2:2.06.r261.g2f4430cc0-1 [core]

Open

Group | Affected | Fixed | Severity | Status | Ticket
AVG-2762 | 2:2.06-5 | - | High | Vulnerable | -
Issue Group Severity Remote Type Description
CVE-2022-28737 AVG-2762 Medium No Arbitrary code execution
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account...
CVE-2022-28736 AVG-2762 Medium No Arbitrary code execution
There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot up operating systems that don't support...
CVE-2022-28735 AVG-2762 Medium No Insufficient validation
GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to...
CVE-2022-28734 AVG-2762 High Yes Unknown
When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write...
CVE-2022-28733 AVG-2762 High Yes Arbitrary code execution
A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances...
CVE-2021-3697 AVG-2762 High No Arbitrary code execution
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. To be successfully...
CVE-2021-3696 AVG-2762 Medium No Arbitrary code execution
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space....
CVE-2021-3695 AVG-2762 High No Arbitrary code execution
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data...

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-1630 | 2:2.04-10 | - | Medium | Not affected | -
AVG-1629 | 2:2.04-10 | 2:2.06-1 | Medium | Fixed | -
Issue Group Severity Remote Type Description
CVE-2021-20233 AVG-1629 Medium No Arbitrary code execution
There's a flaw in setparam_prefix() in the GRUB2 menu rendering code. It performs a length calculation under the assumption that...
CVE-2021-20225 AVG-1629 Medium No Arbitrary code execution
The option parser in GRUB2 allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific...
CVE-2021-3418 AVG-1630 Medium No Insufficient validation
GRUB2 upstream reintroduced CVE-2020-15705. This refers to a distro-specific flaw which upstream introduced in GRUB 2.05. If certificates that signed...
CVE-2020-27779 AVG-1629 Medium No Access restriction bypass
GRUB2's cutmem command does not honor Secure Boot locking. This allows a privileged attacker to remove address ranges from memory, creating an...
CVE-2020-27749 AVG-1629 Medium No Arbitrary code execution
grub_parser_split_cmdline() expands variable names present in the supplied command line into their corresponding variable contents and uses a 1kB stack...
CVE-2020-25647 AVG-1629 Medium No Arbitrary code execution
grub_usb_device_initialize() is called to handle USB device initialization. It reads out the descriptors it needs from the USB device and uses that data to...
CVE-2020-25632 AVG-1629 Medium No Arbitrary code execution
The rmmod implementation for grub2 is flawed, allowing an attacker to unload a module used as a dependency without checking if any other dependent module is...
CVE-2020-14372 AVG-1629 Medium No Arbitrary code execution
GRUB2 enables the use of the command acpi even when secure boot is signaled by the firmware. An attacker with local root privileges can drop a small SSDT in...

Advisories

Date | Advisory | Group | Severity | Type
15 Jun 2021 | ASA-202106-43 | AVG-1629 | Medium | multiple issues