Bug 2090463 (CVE-2022-28734)
Summary: | CVE-2022-28734 grub2: Out-of-bound write when handling split HTTP headers | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marco Benatto <mbenatto> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bootloader-eng-team, jaredz, mlewando, pjanda, pjones, pkotvan, rharwood, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | grub 2.12 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a malicious set of HTTP packages making grub2 corrupt its internal memory metadata structure. This leads to data integrity and confidentiality issues or forces grub to crash, resulting in a denial of service attack.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-06-16 21:38:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2090467, 2090468, 2090469, 2090470, 2090471, 2090472, 2090473, 2090478, 2090479, 2090480, 2090481, 2090482 | ||
Bug Blocks: | 1991681 |
Description
Marco Benatto
2022-05-25 19:50:52 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:5098 https://access.redhat.com/errata/RHSA-2022:5098 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5096 https://access.redhat.com/errata/RHSA-2022:5096 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5099 https://access.redhat.com/errata/RHSA-2022:5099 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5095 https://access.redhat.com/errata/RHSA-2022:5095 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5100 https://access.redhat.com/errata/RHSA-2022:5100 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-28734 hey marco,i need your help with the CVSS restoring on this one. As the attacker doesn't have full control about the memory region being overwritten by the buffer overflow, the mostly likely result is a Denial of service in grub2. As a result the memory corruption is constrained and represents a low impact on data confidentiality and data integrity while the impact on availability is considered high. |