PT-2023-8570 · Grub2+10

Julian Andres Klode · Published 2022-06-07 · Updated 2024-09-05 · CVE-2022-28735

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GRUB2 (affected versions not specified)

Description: The issue is in GRUB2's shim lock verifier, which allows non-kernel files to be loaded on shim-powered secure boot systems. This may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

ALSA-2022:5095
ALSA-2022:5099
ALT-PU-2023-1427
ALT-PU-2023-6074
ALT-PU-2024-11222
AZL-27551
AZL-34790
BDU:2024-01200
CESA-2022_5095
CVE-2022-28735
OESA-2022-1734
OPENSUSE-SU-2022_2035-1
OPENSUSE-SU-2022_2064-1
OPENSUSE-SU-2024:12137-1
RHSA-2022:5095
RHSA-2022:5096
RHSA-2022:5098
RHSA-2022:5099
RHSA-2022:5100
RHSA-2022_5095
RHSA-2022_5099
RLSA-2022:5095
RLSA-2022:5099
SUSE-SU-2022:2035-1
SUSE-SU-2022:2064-1
SUSE-SU-2022:2073-1
SUSE-SU-2022:2074-1
USN-6355-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
GRUB2
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu