CVE-2022-28735Inclusion of Functionality from Untrusted Control Sphere in Grub2

CWE-829Inclusion of Functionality from Untrusted Control Sphere8 documents8 sources
Severity
7.8HIGHNVD
CNA6.7
EPSS
0.0%
top 95.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU Project GNU GrubGNU Grub2
Timeline
PublishedJul 20
Latest updateSep 8

Description

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgnu/grub22.002.06-3
Debiangnu/grub2< 2.06-3~deb11u1+3
CVEListV5gnu_project/gnu_grub< 2.06-3

🔴Vulnerability Details

3
GHSA
GHSA-w8wh-9mrg-3ff5: The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems2023-07-20
OSV
CVE-2022-28735: The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems2023-07-20
CVEList
CVE-2022-28735: The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems2023-07-20

📋Vendor Advisories

4
Ubuntu
GRUB2 vulnerabilities2023-09-08
Microsoft
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 2023-07-11
Red Hat
grub2: shim_lock verifier allows non-kernel files to be loaded2022-06-07
Debian
CVE-2022-28735: grub2 - The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powe...2022
CVE-2022-28735 — GNU Grub2 vulnerability | cvebase