CVE-2022-28733
Description
RHSA-2022:5095: grub2, mokutil, shim, and shim-unsigned-x64 security update (Important)
Mitigations
Mitigation details
Description
grub2: Integer underflow in grub_net_recv_ip4_packets
CVSS v3: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 7 | grub2-1:2.02-0.87.el7_9.11 | RHSA-2022:8900 | 2022-12-08T00:00:00Z |
| Red Hat Enterprise Linux 8 | grub2-1:2.02-123.el8_6.8 | RHSA-2022:5095 | 2022-06-16T00:00:00Z |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | grub2-1:2.02-87.el8_1.10 | RHSA-2022:5098 | 2022-06-16T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Extended Update Support | grub2-1:2.02-87.el8_2.10 | RHSA-2022:5100 | 2022-06-16T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Extended Update Support | grub2-1:2.02-99.el8_4.9 | RHSA-2022:5096 | 2022-06-16T00:00:00Z |
| Red Hat Enterprise Linux 9 | grub2-1:2.06-27.el9_0.7 | RHSA-2022:5099 | 2022-06-16T00:00:00Z |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | redhat-virtualization-host-0:4.5.1-202207170705_8.6 | RHSA-2022:5678 | 2022-07-21T00:00:00Z |
Apply commands

```shell
# Update the grub2 package to the fixed release for the installed product
yum update -y grub2
# or, on systems that use dnf:
dnf upgrade -y grub2
```
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | | affected | |
| rhel | 8 | fixed | |
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| rocky | 9 | fixed | |
| sles | | affected | |
| debian | bullseye | fixed | 2.06-3~deb11u1 |
| debian | bookworm | fixed | 2.06-3 |
| debian | trixie | fixed | 2.06-3 |
| debian | forky | fixed | 2.06-3 |
| debian | sid | fixed | 2.06-3 |
References
- https://access.redhat.com/errata/RHSA-2022:5099
- https://www.suse.com/security/cve/CVE-2022-28733.html
- https://errata.rockylinux.org/RLSA-2022:5095
- https://security-tracker.debian.org/tracker/CVE-2022-28733
- https://errata.rockylinux.org/RLSA-2022:5099
- https://access.redhat.com/errata/RHSA-2022:5095
- https://bugzilla.redhat.com/1991685
- https://bugzilla.redhat.com/1991686
- https://bugzilla.redhat.com/1991687
- https://bugzilla.redhat.com/2083339
- https://bugzilla.redhat.com/2090463
- https://bugzilla.redhat.com/2090857
- https://bugzilla.redhat.com/2090899
- https://bugzilla.redhat.com/2092613
- https://errata.almalinux.org/8/ALSA-2022-5095.html
- https://errata.almalinux.org/9/ALSA-2022-5099.html