CVE Vulnerabilities

CVE-2022-28735

Published: Jul 20, 2023 | Modified: Aug 25, 2023
CVSS 3.x: 7.8 HIGH (Source: NVD), CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3: 7.8 MODERATE, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered Secure Boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the Secure Boot trust chain.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Grub2 | Gnu | 2.00 (including) | 2.06-3 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | grub2-1:2.02-123.el8_6.8 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | grub2-1:2.02-87.el8_1.10 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | grub2-1:2.02-87.el8_2.10 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | grub2-1:2.02-99.el8_4.9 | * |
| Red Hat Enterprise Linux 9 | RedHat | grub2-1:2.06-27.el9_0.7 | * |
| Grub2 | Ubuntu | bionic | * |
| Grub2 | Ubuntu | impish | * |
| Grub2 | Ubuntu | upstream | * |
| Grub2-signed | Ubuntu | bionic | * |
| Grub2-signed | Ubuntu | esm-infra/xenial | * |
| Grub2-signed | Ubuntu | focal | * |
| Grub2-signed | Ubuntu | jammy | * |
| Grub2-signed | Ubuntu | kinetic | * |
| Grub2-signed | Ubuntu | trusty | * |
| Grub2-signed | Ubuntu | trusty/esm | * |
| Grub2-signed | Ubuntu | xenial | * |
| Grub2-unsigned | Ubuntu | bionic | * |
| Grub2-unsigned | Ubuntu | esm-infra/xenial | * |
| Grub2-unsigned | Ubuntu | focal | * |
| Grub2-unsigned | Ubuntu | jammy | * |
| Grub2-unsigned | Ubuntu | kinetic | * |
| Grub2-unsigned | Ubuntu | trusty | * |
| Grub2-unsigned | Ubuntu | xenial | * |

References