CVE-2022-28736Use After Free in Project GNU Grub

CWE-416Use After Free8 documents8 sources
Severity
7.8HIGHNVD
CNA6.4
EPSS
0.0%
top 90.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU Project GNU GrubGNU Grub2
Timeline
PublishedJul 20
Latest updateSep 8

Description

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgnu/grub22.002.06-3
Debiangnu/grub2< 2.06-3~deb11u1+3
CVEListV5gnu_project/gnu_grub< 2.06-3

🔴Vulnerability Details

3
GHSA
GHSA-ff72-fwj3-6gh6: There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't s2023-07-20
CVEList
There's a use-after-free vulnerability in grub_cmd_chainloader() function2023-07-20
OSV
CVE-2022-28736: There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't s2023-07-20

📋Vendor Advisories

4
Ubuntu
GRUB2 vulnerabilities2023-09-08
Microsoft
There's a use-after-free vulnerability in grub_cmd_chainloader() function2023-07-11
Red Hat
grub2: use-after-free in grub_cmd_chainloader()2022-06-07
Debian
CVE-2022-28736: grub2 - There's a use-after-free vulnerability in grub_cmd_chainloader() function; The c...2022
CVE-2022-28736 — Use After Free in GNU Project GNU Grub | cvebase