PT-2022-2826 · Grub+10
Daniel Axtens · Published 2022-06-07 · Updated 2024-09-05
CVE-2022-28733
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Grub (affected versions not specified)
Description
The issue is an integer underflow in the `grub_net_recv_ip4_packets()` function, specifically affecting the `rsm->total_len` value. It can occur when a maliciously crafted IP packet is received, and it can lead to memory allocation issues. Under certain circumstances, the `total_len` value may wrap around to a small integer, which can then be used in memory allocation, allowing subsequent operations to write past the end of the buffer. Exploitation of this issue may allow a remote attacker to execute arbitrary code by sending specially crafted IP packets.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
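The wraparound described in the Description, shown as an added example that is not GRUB source and not part of the original advisory: a simplified C model in which a header length taken from the packet is subtracted from the received length, beside a checked version. The function names, the `RESERVE` headroom and the sample lengths are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model, NOT GRUB source. RESERVE and all names are assumed. */
#define RESERVE 64u /* assumed headroom added to the allocation size */

/* Unchecked pattern: data_len - hdr_len wraps when hdr_len > data_len,
   and adding RESERVE to the wrapped value yields a small allocation. */
static size_t alloc_size_unchecked(size_t data_len, size_t hdr_len)
{
    size_t total_len = data_len - hdr_len; /* may underflow */
    return total_len + RESERVE;            /* may wrap to a small value */
}

/* Hardened pattern: every arithmetic step is checked before use. */
static bool alloc_size_checked(size_t data_len, size_t hdr_len, size_t *out)
{
    if (hdr_len > data_len)                /* subtraction would underflow */
        return false;
    size_t total_len = data_len - hdr_len;
    if (total_len > SIZE_MAX - RESERVE)    /* addition would overflow */
        return false;
    *out = total_len + RESERVE;
    return true;
}

/* Bounds check for a copy of copy_len bytes at offset off, written so
   that the check itself cannot overflow. */
static bool copy_fits(size_t total_len, size_t off, size_t copy_len)
{
    return off <= total_len && copy_len <= total_len - off;
}

int main(void)
{
    size_t sz = 0;
    /* Constructed input: the header length claims more than was received. */
    size_t wrapped_len = (size_t)20 - 40;             /* huge after wrap */
    size_t small_alloc = alloc_size_unchecked(20, 40); /* 44 bytes */
    /* The wrapped length still passes a bounds check for 1500 bytes,
       although only 44 bytes would have been allocated. */
    bool mismatch = copy_fits(wrapped_len, 0, 1500) && small_alloc < 1500;
    bool rejected = !alloc_size_checked(20, 40, &sz);
    return (mismatch && rejected) ? 0 : 1;
}
```

The danger in the model comes from two values disagreeing: the wrapped length is huge while the allocation derived from it is small, so rejecting the packet at the subtraction is the only point where both stay consistent.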
Integer Underflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Grub
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu