Back to bug 2083339
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marco Benatto | 2022-05-09 18:26:56 UTC | CC | security-response-team | |
| Marco Benatto | 2022-05-09 18:27:06 UTC | Priority | medium | high |
| | | Severity | medium | high |
| Marco Benatto | 2022-05-09 18:29:10 UTC | Depends On | 2083344, 2083348, 2083341, 2083343, 2083345, 2083347, 2083352, 2083349, 2083346, 2083351, 2083342, 2083350 | |
| Marco Benatto | 2022-05-09 18:58:34 UTC | Comment | 2 | updated |
| Marco Benatto | 2022-05-09 19:00:17 UTC | Flags | needinfo?(rharwood) | |
| Robbie Harwood | 2022-05-10 23:54:49 UTC | Flags | needinfo?(rharwood) | |
| Marco Benatto | 2022-05-25 15:08:00 UTC | Deadline | 2022-05-17 | 2022-06-07 |
| Marco Benatto | 2022-05-31 12:26:33 UTC | Comment | 0 | updated |
| Marco Benatto | 2022-06-03 14:59:11 UTC | Doc Text | There's an issue with grub2 when handling IPv4 packages. An attacker can craft a malicious packet which can trigger a integer underflow in grub code, as consequence the memory allocation for handling the packet data may end up smaller than the size needed. This can cause a out-of-bands write during the packet handling compromising data integrity and confidentiality issues or lead do a DoS. Remote code execution is also not discarded. | |
| RaTasha Tillery-Smith | 2022-06-03 16:57:55 UTC | Doc Text | There's an issue with grub2 when handling IPv4 packages. An attacker can craft a malicious packet which can trigger a integer underflow in grub code, as consequence the memory allocation for handling the packet data may end up smaller than the size needed. This can cause a out-of-bands write during the packet handling compromising data integrity and confidentiality issues or lead do a DoS. Remote code execution is also not discarded. | A flaw was found in grub2 when handling IPv4 packages. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may end up smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution. |
| Todd Cullum | 2022-06-07 17:02:21 UTC | Summary | EMBARGOED CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets | CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets |
| | | CC | bootloader-eng-team | |
| | | Group | security, qe_staff | |
| | | Deadline | 2022-06-07 | |
| Karl Hastings | 2022-06-07 21:34:58 UTC | Doc Text | A flaw was found in grub2 when handling IPv4 packages. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may end up smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution. | A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may end up smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution. |
| Stoyan Nikolov | 2022-06-08 07:44:42 UTC | CC | michal.skrivanek, mperina, sbonazzo | |
| Stoyan Nikolov | 2022-06-08 07:45:10 UTC | Depends On | 2094682, 2094681 | |
| RaTasha Tillery-Smith | 2022-06-08 12:02:41 UTC | Doc Text | A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may end up smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution. | A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution. |
| Sandro Bonazzola | 2022-06-09 06:58:25 UTC | Depends On | 2095149 | |
| errata-xmlrpc | 2022-06-16 13:51:21 UTC | Link ID | Red Hat Product Errata RHSA-2022:5098 | |
| errata-xmlrpc | 2022-06-16 14:55:25 UTC | Link ID | Red Hat Product Errata RHSA-2022:5096 | |
| errata-xmlrpc | 2022-06-16 15:23:49 UTC | Link ID | Red Hat Product Errata RHSA-2022:5099 | |
| errata-xmlrpc | 2022-06-16 15:33:59 UTC | Link ID | Red Hat Product Errata RHSA-2022:5095 | |
| errata-xmlrpc | 2022-06-16 15:46:06 UTC | Link ID | Red Hat Product Errata RHSA-2022:5100 | |
| errata-xmlrpc | 2022-06-16 21:08:40 UTC | Link ID | Red Hat Product Errata RHBA-2022:5105 | |
| Product Security DevOps Team | 2022-06-16 21:37:12 UTC | Resolution | --- | ERRATA |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2022-06-16 21:37:12 UTC | |
| errata-xmlrpc | 2022-06-20 01:27:31 UTC | Link ID | Red Hat Product Errata RHBA-2022:5121 | |
| errata-xmlrpc | 2022-06-20 12:12:13 UTC | Link ID | Red Hat Product Errata RHBA-2022:5127 | |
| errata-xmlrpc | 2022-06-20 14:27:08 UTC | Link ID | Red Hat Product Errata RHBA-2022:5128 | |
| Marco Benatto | 2022-06-20 17:58:22 UTC | Fixed In Version | grub 2.12 | |
| errata-xmlrpc | 2022-06-22 11:38:34 UTC | Link ID | Red Hat Product Errata RHBA-2022:5170 | |
| Sandro Bonazzola | 2022-06-29 08:30:07 UTC | Flags | needinfo?(security-response-team) | |
| Product Security DevOps Team | 2022-06-29 12:05:45 UTC | Flags | needinfo?(security-response-team) | needinfo?(mbenatto) |
| Marco Benatto | 2022-06-29 14:39:22 UTC | Flags | needinfo?(mbenatto) | |
| errata-xmlrpc | 2022-06-30 07:15:19 UTC | Link ID | Red Hat Product Errata RHBA-2022:5437 | |
| errata-xmlrpc | 2022-07-13 15:10:21 UTC | Link ID | Red Hat Product Errata RHBA-2022:5578 | |
| errata-xmlrpc | 2022-07-19 15:32:29 UTC | Link ID | Red Hat Product Errata RHBA-2022:5643 | |
| errata-xmlrpc | 2022-07-21 12:31:58 UTC | Link ID | Red Hat Product Errata RHSA-2022:5678 | |
| errata-xmlrpc | 2022-12-08 11:42:46 UTC | Link ID | Red Hat Product Errata RHSA-2022:8900 |