Bug 2092613 (CVE-2022-28736) - CVE-2022-28736 grub2: use-after-free in grub_cmd_chainloader()
Summary: CVE-2022-28736 grub2: use-after-free in grub_cmd_chainloader()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-28736
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2092624 2092627 2092620 2092621 2092622 2092623 2092625
Blocks: 1991681
TreeView+ depends on / blocked
 
Reported: 2022-06-01 20:42 UTC by Marco Benatto
Modified: 2022-07-19 15:32 UTC (History)
8 users (show)

Fixed In Version: grub 2.12
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free vulnerability was found on grub2's chainloader command. This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub's memory allocation pattern.
Clone Of:
Environment:
Last Closed: 2022-06-16 22:37:10 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:5105 0 None None None 2022-06-16 21:08:45 UTC
Red Hat Product Errata RHBA-2022:5121 0 None None None 2022-06-20 01:27:36 UTC
Red Hat Product Errata RHBA-2022:5127 0 None None None 2022-06-20 12:12:18 UTC
Red Hat Product Errata RHBA-2022:5128 0 None None None 2022-06-20 14:27:12 UTC
Red Hat Product Errata RHBA-2022:5170 0 None None None 2022-06-22 11:38:44 UTC
Red Hat Product Errata RHBA-2022:5437 0 None None None 2022-06-30 07:15:25 UTC
Red Hat Product Errata RHBA-2022:5578 0 None None None 2022-07-13 15:10:23 UTC
Red Hat Product Errata RHBA-2022:5643 0 None None None 2022-07-19 15:32:32 UTC
Red Hat Product Errata RHSA-2022:5095 0 None None None 2022-06-16 15:34:15 UTC
Red Hat Product Errata RHSA-2022:5096 0 None None None 2022-06-16 14:56:00 UTC
Red Hat Product Errata RHSA-2022:5098 0 None None None 2022-06-16 13:51:40 UTC
Red Hat Product Errata RHSA-2022:5099 0 None None None 2022-06-16 15:24:12 UTC
Red Hat Product Errata RHSA-2022:5100 0 None None None 2022-06-16 15:46:25 UTC

Description Marco Benatto 2022-06-01 20:42:37 UTC
There's a use-after-free vulnerability in grub_cmd_chainloader() function. The chainloader command is used to boot up Operating Systems that doesn't support multiboot and do not have direct support from grub2, when executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the grub's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be executed.

Comment 2 errata-xmlrpc 2022-06-16 13:51:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:5098 https://access.redhat.com/errata/RHSA-2022:5098

Comment 3 errata-xmlrpc 2022-06-16 14:55:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:5096 https://access.redhat.com/errata/RHSA-2022:5096

Comment 4 errata-xmlrpc 2022-06-16 15:24:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5099 https://access.redhat.com/errata/RHSA-2022:5099

Comment 5 errata-xmlrpc 2022-06-16 15:34:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5095 https://access.redhat.com/errata/RHSA-2022:5095

Comment 6 errata-xmlrpc 2022-06-16 15:46:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5100 https://access.redhat.com/errata/RHSA-2022:5100

Comment 7 Product Security DevOps Team 2022-06-16 22:37:08 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-28736


Note You need to log in before you can comment on or make changes to this bug.