PT-2023-8570 · Grub2+10 · Grub2+10

Julian Andres Klode

Publicado

2022-06-07

Atualizado

2024-09-05

CVE-2022-28735

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GRUB2 (affected versions not specified)

Description The issue is related to the GRUB2's shim lock verifier, which allows non-kernel files to be loaded on shim-powered secure boot systems. This may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust-chain.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-829

Identificadores relacionados

ALSA-2022:5095

ALSA-2022:5099

ALT-PU-2023-1427

ALT-PU-2023-6074

ALT-PU-2024-11222

AZL-27551

AZL-34790

BDU:2024-01200

CESA-2022_5095

CVE-2022-28735

OESA-2022-1734

OPENSUSE-SU-2022_2035-1

OPENSUSE-SU-2022_2064-1

OPENSUSE-SU-2024:12137-1

RHSA-2022:5095

RHSA-2022:5096

RHSA-2022:5098

RHSA-2022:5099

RHSA-2022:5100

RHSA-2022_5095

RHSA-2022_5099

RLSA-2022:5095

RLSA-2022:5099

SUSE-SU-2022:2035-1

SUSE-SU-2022:2064-1

SUSE-SU-2022:2073-1

SUSE-SU-2022:2074-1

USN-6355-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Grub2

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2023-8570 · Grub2+10 · Grub2+10

CVE-2022-28735

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 118