vulnerability

Oracle Linux: CVE-2022-28736: ELSA-2022-9595: grub2 security update (IMPORTANT) (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published
2022-06-07
Added
2022-06-08
Modified
2025-01-07

Description

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.
A use-after-free vulnerability was found on grub2's chainloader command. This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub's memory allocation pattern.

Solution(s)

oracle-linux-upgrade-grub2oracle-linux-upgrade-grub2-commonoracle-linux-upgrade-grub2-efi-aa64oracle-linux-upgrade-grub2-efi-aa64-cdbootoracle-linux-upgrade-grub2-efi-aa64-modulesoracle-linux-upgrade-grub2-efi-ia32oracle-linux-upgrade-grub2-efi-ia32-cdbootoracle-linux-upgrade-grub2-efi-ia32-modulesoracle-linux-upgrade-grub2-efi-x64oracle-linux-upgrade-grub2-efi-x64-cdbootoracle-linux-upgrade-grub2-efi-x64-modulesoracle-linux-upgrade-grub2-pcoracle-linux-upgrade-grub2-pc-modulesoracle-linux-upgrade-grub2-toolsoracle-linux-upgrade-grub2-tools-efioracle-linux-upgrade-grub2-tools-extraoracle-linux-upgrade-grub2-tools-minimal

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today