Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2022-28733) (Multiple Advisories): grub2 security update

Back to Search

Oracle Linux: (CVE-2022-28733) (Multiple Advisories): grub2 security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
06/07/2022
Created
06/10/2022
Added
06/08/2022
Modified
07/15/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-9595:

[2.02-123.0.7.el8_6.8] - Enable back btrfs module by default [Orabug: 34377188] [2.02-123.0.6.el8_6.8] - Backport upstream SNP protocol fixes [Orabug: 34195100] [2.02-123.0.5.el8_6.8] - Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232] [2.02-123.0.4.el8_6.8] - enable multiboot2 [Orabug: 34285558] - backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462] - backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462] - Backport some better script logic for BTRFS support [Orabug: 32448171] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - Fix various coverity issues [Orabug: 32530657] - Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327] - Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-123.el8_6.8] - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 - Resolves: #2031899

Solution(s)

  • oracle-linux-upgrade-grub2
  • oracle-linux-upgrade-grub2-common
  • oracle-linux-upgrade-grub2-efi-aa64
  • oracle-linux-upgrade-grub2-efi-aa64-cdboot
  • oracle-linux-upgrade-grub2-efi-aa64-modules
  • oracle-linux-upgrade-grub2-efi-ia32
  • oracle-linux-upgrade-grub2-efi-ia32-cdboot
  • oracle-linux-upgrade-grub2-efi-ia32-modules
  • oracle-linux-upgrade-grub2-efi-x64
  • oracle-linux-upgrade-grub2-efi-x64-cdboot
  • oracle-linux-upgrade-grub2-efi-x64-modules
  • oracle-linux-upgrade-grub2-pc
  • oracle-linux-upgrade-grub2-pc-modules
  • oracle-linux-upgrade-grub2-tools
  • oracle-linux-upgrade-grub2-tools-efi
  • oracle-linux-upgrade-grub2-tools-extra
  • oracle-linux-upgrade-grub2-tools-minimal

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;