grub
Description | GNU GRand Unified Bootloader (2) |
Version | 2:2.12-3 [core] |
Open
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2762 | 2:2.06-5 | | High | Vulnerable | |

Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2022-28737 | AVG-2762 | Medium | No | Arbitrary code execution | There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account... |
CVE-2022-28736 | AVG-2762 | Medium | No | Arbitrary code execution | There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot up operating systems that don't support... |
CVE-2022-28735 | AVG-2762 | Medium | No | Insufficient validation | GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to... |
CVE-2022-28734 | AVG-2762 | High | Yes | Unknown | When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write... |
CVE-2022-28733 | AVG-2762 | High | Yes | Arbitrary code execution | A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances... |
CVE-2021-3697 | AVG-2762 | High | No | Arbitrary code execution | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. To be successfully... |
CVE-2021-3696 | AVG-2762 | Medium | No | Arbitrary code execution | A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space.... |
CVE-2021-3695 | AVG-2762 | High | No | Arbitrary code execution | A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data... |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1630 | 2:2.04-10 | | Medium | Not affected | |
AVG-1629 | 2:2.04-10 | 2:2.06-1 | Medium | Fixed | |

Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-20233 | AVG-1629 | Medium | No | Arbitrary code execution | There's a flaw in setparam_prefix() in the GRUB2 menu rendering code. It performs a length calculation under the assumption that... |
CVE-2021-20225 | AVG-1629 | Medium | No | Arbitrary code execution | The option parser in GRUB2 allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific... |
CVE-2021-3418 | AVG-1630 | Medium | No | Insufficient validation | The GRUB2 upstream reintroduced CVE-2020-15705. This refers to a distro-specific flaw which upstream introduced in GRUB 2.05. If certificates that signed... |
CVE-2020-27779 | AVG-1629 | Medium | No | Access restriction bypass | GRUB2's cutmem command does not honor Secure Boot locking. This allows a privileged attacker to remove address ranges from memory creating an... |
CVE-2020-27749 | AVG-1629 | Medium | No | Arbitrary code execution | grub_parser_split_cmdline() expands variable names present in the supplied command line into their corresponding variable contents and uses a 1kB stack... |
CVE-2020-25647 | AVG-1629 | Medium | No | Arbitrary code execution | grub_usb_device_initialize() is called to handle USB device initialization. It reads out the descriptors it needs from the USB device and uses that data to... |
CVE-2020-25632 | AVG-1629 | Medium | No | Arbitrary code execution | The rmmod implementation for grub2 is flawed, allowing an attacker to unload a module used as a dependency without checking if any other dependent module is... |
CVE-2020-14372 | AVG-1629 | Medium | No | Arbitrary code execution | GRUB2 enables the use of the command acpi even when secure boot is signaled by the firmware. An attacker with local root privileges can drop a small SSDT in... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
15 Jun 2021 | ASA-202106-43 | AVG-1629 | Medium | multiple issues |