Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-28733 (GCVE-0-2022-28733)
Vulnerability from cvelistv5 – Published: 2023-07-20 00:20 – Updated: 2025-02-13 16:32
VLAI
EPSS
Title
Integer underflow in grub_net_recv_ip4_packets
Summary
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2022/… | mailing-list |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
| https://security.netapp.com/advisory/ntap-2023082… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GNU Project | GNU GRUB |
Affected:
0 , < 2.06-3
(semver)
|
Date Public
2022-06-13 00:00
Credits
Daniel Axtens
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230825-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:49:29.972519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:49:41.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "grub2",
"platforms": [
"Linux"
],
"product": "GNU GRUB",
"repo": "https://git.savannah.gnu.org/cgit/grub.git",
"vendor": "GNU Project",
"versions": [
{
"lessThan": "2.06-3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Axtens"
}
],
"datePublic": "2022-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T22:06:12.648Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"mailing-list"
],
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230825-0002/"
}
],
"title": "Integer underflow in grub_net_recv_ip4_packets"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28733",
"datePublished": "2023-07-20T00:20:02.458Z",
"dateReserved": "2022-04-05T21:59:08.759Z",
"dateUpdated": "2025-02-13T16:32:35.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-28733",
"date": "2026-06-03",
"epss": "0.00116",
"percentile": "0.29993"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-28733\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2023-07-20T01:15:10.140\",\"lastModified\":\"2024-11-21T06:57:49.677\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-191\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-191\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.00\",\"versionEndExcluding\":\"2.06-3\",\"matchCriteriaId\":\"F969F462-AB12-4158-BBA9-A9D828434F9F\"}]}]}],\"references\":[{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230825-0002/\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2022/06/07/5\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230825-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2022/06/07/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.openwall.com/lists/oss-security/2022/06/07/5\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230825-0002/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:03:52.571Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-28733\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T19:49:29.972519Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-24T19:49:36.727Z\"}}], \"cna\": {\"title\": \"Integer underflow in grub_net_recv_ip4_packets\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Daniel Axtens\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"repo\": \"https://git.savannah.gnu.org/cgit/grub.git\", \"vendor\": \"GNU Project\", \"product\": \"GNU GRUB\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.06-3\", \"versionType\": \"semver\"}], \"platforms\": [\"Linux\"], \"packageName\": \"grub2\"}], \"datePublic\": \"2022-06-13T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.openwall.com/lists/oss-security/2022/06/07/5\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230825-0002/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-191\", \"description\": \"CWE-191\"}]}], \"providerMetadata\": {\"orgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"shortName\": \"canonical\", \"dateUpdated\": \"2023-08-25T22:06:12.648Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-28733\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:32:35.678Z\", \"dateReserved\": \"2022-04-05T21:59:08.759Z\", \"assignerOrgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"datePublished\": \"2023-07-20T00:20:02.458Z\", \"assignerShortName\": \"canonical\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2022:5095
Vulnerability from osv_almalinux
Published
2022-06-16 00:00
Modified
2022-08-23 15:20
Summary
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) * grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695) * grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) * grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697) * grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734) * grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735) * grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736) * shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-efi-aa64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-efi-aa64-cdboot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-efi-aa64-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-efi-ia32"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-efi-ia32-cdboot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-efi-ia32-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-efi-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-efi-x64-cdboot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-efi-x64-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-pc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-pc-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-ppc64le-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-tools-efi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-tools-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "grub2-tools-minimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.02-123.el8_6.8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "shim-aa64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.6-1.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "shim-ia32"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.6-1.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "shim-unsigned-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.6-1.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "shim-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.6-1.el8.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\nSecurity Fix(es):\n* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)\n* grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)\n* grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)\n* grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)\n* grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)\n* grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)\n* grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)\n* shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:5095",
"modified": "2022-08-23T15:20:46Z",
"published": "2022-06-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:5095"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3695"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3697"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28733"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28734"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28735"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28736"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28737"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1991685"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1991686"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1991687"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2083339"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2090463"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2090857"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2090899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2092613"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-5095.html"
}
],
"related": [
"CVE-2022-28733",
"CVE-2021-3695",
"CVE-2021-3696",
"CVE-2021-3697",
"CVE-2022-28734",
"CVE-2022-28735",
"CVE-2022-28736",
"CVE-2022-28737"
],
"summary": "Important: grub2, mokutil, shim, and shim-unsigned-x64 security update"
}
alsa-2022:5099
Vulnerability from osv_almalinux
Published
2022-06-16 00:00
Modified
2022-08-23 18:24
Summary
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) * grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695) * grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) * grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697) * grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734) * grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735) * grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736) * shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-efi-aa64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-efi-aa64-cdboot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-efi-aa64-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-efi-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-efi-x64-cdboot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-efi-x64-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-pc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-pc-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-ppc64le"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-ppc64le-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-tools-efi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-tools-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "grub2-tools-minimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.06-27.el9_0.7.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "shim-aa64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.6-1.el9.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "shim-unsigned-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.6-1.el9.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "shim-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.6-1.el9.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\nSecurity Fix(es):\n* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)\n* grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)\n* grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)\n* grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)\n* grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)\n* grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)\n* grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)\n* shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:5099",
"modified": "2022-08-23T18:24:43Z",
"published": "2022-06-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:5099"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3695"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-3697"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28733"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28734"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28735"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28736"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28737"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1991685"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1991686"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1991687"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2083339"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2090463"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2090857"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2090899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2092613"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-5099.html"
}
],
"related": [
"CVE-2022-28733",
"CVE-2021-3695",
"CVE-2021-3696",
"CVE-2021-3697",
"CVE-2022-28734",
"CVE-2022-28735",
"CVE-2022-28736",
"CVE-2022-28737"
],
"summary": "Important: grub2, mokutil, shim, and shim-unsigned-x64 security update"
}
Title
Уязвимость функции grub_net_recv_ip4_packets программы-загрузчика операционных систем Grub, позволяющая нарушителю выполнить произвольный код путем отправки специально сформированных IP-пакетов
Description
Уязвимость функции grub_net_recv_ip4_packets программы-загрузчика операционных систем Grub связана с целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путем отправки специально сформированных IP-пакетов
Severity
Vendor
Red Hat Inc., ООО «РусБИТех-Астра», ООО «Ред Софт», АО «ИВК», Erich Boleyn, АО "НППКТ", АО «НТЦ ИТ РОСА», АО «Концерн ВНИИНС»
Software Name
Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Virtualization, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), Grub2, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), РОСА Кобальт (запись в едином реестре российских программ №1999), ROSA Virtualization (запись в едином реестре российских программ №5091), АЛЬТ СП 10, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)
Software Version
7 (Red Hat Enterprise Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 4 (Red Hat Virtualization), 8 (Red Hat Enterprise Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), 9 (Red Hat Enterprise Linux), от 1.99 до 2.06 (Grub2), до 2.6 (ОСОН ОСнова Оnyx), 7.9 (РОСА Кобальт), 2.1 (ROSA Virtualization), - (АЛЬТ СП 10), до 16.01.2023 (ОС ОН «Стрелец»), 3.0 (ROSA Virtualization 3.0)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- сегментирование сети с использованием средств межсетевого экранирования.
Для продуктов Red Hat:
https://access.redhat.com/security/cve/cve-2022-28733
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения grub2 до версии 2.06-3~deb10u1.osnova7
Для ОС РОСА "КОБАЛЬТ": https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2112
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства
Для ОС ОН «Стрелец»:
Обновление программного обеспечения grub2 до версии 2.06-3~deb10u2.osnova9.strelets
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для системы управления средой виртуализации «ROSA Virtualization» : https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2300
Для ОС Astra Linux Special Edition 1.7:
обновить пакет grub2 до 2.06-3~deb10u1+ci202210061917+astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17
Для ОС Astra Linux 1.6 «Смоленск»:
обновить пакет grub2 до 2.06-3~deb10u3+ci202212201113+astra5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2683
Reference
https://access.redhat.com/security/cve/cve-2022-28733
https://www.cybersecurity-help.cz/vdb/SB2022060810
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2112
https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/
https://altsp.su/obnovleniya-bezopasnosti/
https://altsp.su/obnovleniya-bezopasnosti/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2300
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://abf.rosa.ru/advisories/ROSA-SA-2025-2683
CWE
CWE-191
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Erich Boleyn, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 4 (Red Hat Virtualization), 8 (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 9 (Red Hat Enterprise Linux), \u043e\u0442 1.99 \u0434\u043e 2.06 (Grub2), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 7.9 (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442), 2.1 (ROSA Virtualization), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat:\nhttps://access.redhat.com/security/cve/cve-2022-28733\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f grub2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.06-3~deb10u1.osnova7\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2112\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f grub2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.06-3~deb10u2.osnova9.strelets\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb : https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2300\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 grub2 \u0434\u043e 2.06-3~deb10u1+ci202210061917+astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 grub2 \u0434\u043e 2.06-3~deb10u3+ci202212201113+astra5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2683",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.06.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.03.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.06.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-03372",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-28733",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Virtualization, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Grub2, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041b\u042c\u0422 \u0421\u041f 10, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat Inc. Red Hat Enterprise Linux 9 , Erich Boleyn Grub2 \u043e\u0442 1.99 \u0434\u043e 2.06 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 7.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 grub_net_recv_ip4_packets \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Grub, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 IP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u0430\u044f \u043f\u043e\u0442\u0435\u0440\u044f \u0437\u043d\u0430\u0447\u0438\u043c\u043e\u0441\u0442\u0438 (\u043f\u0440\u043e\u0441\u0442\u043e\u0439 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433) (CWE-191)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 grub_net_recv_ip4_packets \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Grub \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 IP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2022-28733\nhttps://www.cybersecurity-help.cz/vdb/SB2022060810\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2112\nhttps://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/\n\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2300\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2683",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-191",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
CERTFR-2023-AVI-0276
Vulnerability from certfr_avis - Published: 2023-03-31 - Updated: 2023-03-31
De multiples vulnérabilités ont été découvertes dans IBM. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges, une atteinte à l'intégrité des données, un contournement de la politique de sécurité, une injection de code indirecte à distance (XSS), une exécution de code arbitraire à distance, un déni de service à distance et un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM WebSphere Hybrid Edition 5.1 sans le correctif de sécurité APAR PH52925 | ||
| IBM | WebSphere | IBM WebSphere Automation versions antérieures à 1.5.2 | ||
| IBM | WebSphere | IBM WebSphere Application Server 9.0 sans le correctif de sécurité APAR PH52925 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions antérieures à 7.5.0 UP5 | ||
| IBM | Db2 | IBM Db2 Web Queryfor i versions 2.3.0 et 2.4.0 sans le correctif de sécurité 5733WQX | ||
| IBM | Spectrum | IBM Spectrum Protect Plus Server versions antérieures à 10.1.12.4 | ||
| IBM | N/A | IBM HTTP Server for i sans le correctif de sécurité 5770DG1 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions antérieures à 7.5.0 UP4 IF01 | ||
| IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics versions 1.0.0 à 4.1.10 antérieures à 4.1.11 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions antérieures à 7.4.3 FP9 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Hybrid Edition 5.1 sans le correctif de s\u00e9curit\u00e9 APAR PH52925",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Automation versions ant\u00e9rieures \u00e0 1.5.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server 9.0 sans le correctif de s\u00e9curit\u00e9 APAR PH52925",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5.0 UP5",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Queryfor i versions 2.3.0 et 2.4.0 sans le correctif de s\u00e9curit\u00e9 5733WQX",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus Server versions ant\u00e9rieures \u00e0 10.1.12.4",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server for i sans le correctif de s\u00e9curit\u00e9 5770DG1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5.0 UP4 IF01",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions 1.0.0 \u00e0 4.1.10 ant\u00e9rieures \u00e0 4.1.11",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.4.3 FP9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-28733",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28733"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2020-24025",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24025"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2023-26283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26283"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-23825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23825"
},
{
"name": "CVE-2021-39227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39227"
},
{
"name": "CVE-2021-23364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
},
{
"name": "CVE-2022-22971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22971"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2021-3677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
},
{
"name": "CVE-2018-19797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19797"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2018-19827",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19827"
},
{
"name": "CVE-2018-15494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15494"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2018-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11694"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2018-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8036"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2022-4883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4883"
},
{
"name": "CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
},
{
"name": "CVE-2022-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2020-7764",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7764"
},
{
"name": "CVE-2022-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
},
{
"name": "CVE-2022-25927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21724"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2019-10785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10785"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2021-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
},
{
"name": "CVE-2019-6286",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6286"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2020-5259",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5259"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2021-26401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26401"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2018-19839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19839"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2022-4254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4254"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2018-20821",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20821"
},
{
"name": "CVE-2022-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2019-6283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6283"
},
{
"name": "CVE-2019-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6284"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2022-25901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25901"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2022-22970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22970"
},
{
"name": "CVE-2022-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
},
{
"name": "CVE-2022-3676",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3676"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2022-34917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34917"
},
{
"name": "CVE-2021-23343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23343"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2022-43928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43928"
},
{
"name": "CVE-2021-42740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42740"
},
{
"name": "CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"name": "CVE-2018-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20190"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2022-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
},
{
"name": "CVE-2022-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
},
{
"name": "CVE-2022-40155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40155"
},
{
"name": "CVE-2022-23816",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23816"
},
{
"name": "CVE-2022-31197",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31197"
},
{
"name": "CVE-2018-19838",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19838"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2021-23368",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
},
{
"name": "CVE-2018-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11698"
},
{
"name": "CVE-2021-29060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
},
{
"name": "CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2022-25758",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25758"
},
{
"name": "CVE-2021-23362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23362"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2022-37598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37598"
},
{
"name": "CVE-2022-24839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
},
{
"name": "CVE-2022-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40154"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
}
],
"initial_release_date": "2023-03-31T00:00:00",
"last_revision_date": "2023-03-31T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6967365 du 20 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6967365"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6967333 du 30 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6967333"
}
],
"reference": "CERTFR-2023-AVI-0276",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une \u00e9l\u00e9vation de\nprivil\u00e8ges, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, un contournement de\nla politique de s\u00e9curit\u00e9, une injection de code indirecte \u00e0 distance\n(XSS), une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6967016 du 29 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6967016"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6967283 du 15 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6967283"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6967333 du 20 mars 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6967285 du 28 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6967285"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6966998 du 29 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6966998"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6967315 du 30 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6967315"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6967365 du 30 mars 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0726
Vulnerability from certfr_avis - Published: 2023-09-08 - Updated: 2023-09-08
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 23.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-28733",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28733"
},
{
"name": "CVE-2023-28466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
},
{
"name": "CVE-2023-30772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30772"
},
{
"name": "CVE-2021-3695",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3695"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2023-21400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21400"
},
{
"name": "CVE-2022-48502",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48502"
},
{
"name": "CVE-2022-28735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28735"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2022-28734",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28734"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2023-3159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3159"
},
{
"name": "CVE-2023-2985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2985"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
},
{
"name": "CVE-2023-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3777"
},
{
"name": "CVE-2022-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0168"
},
{
"name": "CVE-2023-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
},
{
"name": "CVE-2023-31248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31248"
},
{
"name": "CVE-2023-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35828"
},
{
"name": "CVE-2022-28736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28736"
},
{
"name": "CVE-2023-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3995"
},
{
"name": "CVE-2023-31084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2023-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2023-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3111"
},
{
"name": "CVE-2023-32252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32252"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2023-32629",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32629"
},
{
"name": "CVE-2023-32257",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32257"
},
{
"name": "CVE-2022-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
},
{
"name": "CVE-2022-28737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28737"
},
{
"name": "CVE-2022-48425",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48425"
},
{
"name": "CVE-2023-33288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33288"
},
{
"name": "CVE-2023-21255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21255"
},
{
"name": "CVE-2023-1990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1990"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-32258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32258"
},
{
"name": "CVE-2023-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4155"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2021-3697",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3697"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-4194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4194"
},
{
"name": "CVE-2022-27672",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27672"
},
{
"name": "CVE-2023-2269",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
},
{
"name": "CVE-2023-2898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2898"
},
{
"name": "CVE-2020-36691",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36691"
},
{
"name": "CVE-2023-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38428"
},
{
"name": "CVE-2023-32247",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32247"
},
{
"name": "CVE-2021-3696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3696"
},
{
"name": "CVE-2023-32248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32248"
},
{
"name": "CVE-2023-3141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
},
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2023-0458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0458"
},
{
"name": "CVE-2023-4015",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4015"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2023-4273",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4273"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2023-23004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23004"
},
{
"name": "CVE-2023-35829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35829"
},
{
"name": "CVE-2021-3981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3981"
},
{
"name": "CVE-2023-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
},
{
"name": "CVE-2023-38426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38426"
},
{
"name": "CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2023-1611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1611"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-34319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34319"
},
{
"name": "CVE-2023-38429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38429"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2023-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32250"
},
{
"name": "CVE-2023-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3389"
}
],
"initial_release_date": "2023-09-08T00:00:00",
"last_revision_date": "2023-09-08T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0726",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6337-1 du 04 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6337-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6355-1 du 08 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6355-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6346-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6346-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6344-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6344-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6343-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6343-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6338-1 du 05 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6338-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0097-1 du 05 septembre 2023",
"url": "https://ubuntu.com/security/notices/LSN-0097-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6348-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6348-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6342-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6342-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6350-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6350-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6339-1 du 05 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6339-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6351-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6351-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6340-1 du 05 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6340-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6349-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6349-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6341-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6341-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6347-1 du 06 septembre 2023",
"url": "https://ubuntu.com/security/notices/USN-6347-1"
}
]
}
FKIE_CVE-2022-28733
Vulnerability from fkie_nvd - Published: 2023-07-20 01:15 - Updated: 2024-11-21 06:57
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733 | Third Party Advisory | |
| security@ubuntu.com | https://security.netapp.com/advisory/ntap-20230825-0002/ | ||
| security@ubuntu.com | https://www.openwall.com/lists/oss-security/2022/06/07/5 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230825-0002/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2022/06/07/5 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F969F462-AB12-4158-BBA9-A9D828434F9F",
"versionEndExcluding": "2.06-3",
"versionStartIncluding": "2.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."
}
],
"id": "CVE-2022-28733",
"lastModified": "2024-11-21T06:57:49.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-20T01:15:10.140",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"
},
{
"source": "security@ubuntu.com",
"url": "https://security.netapp.com/advisory/ntap-20230825-0002/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230825-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-2RXJ-VWP2-V63V
Vulnerability from github – Published: 2023-07-20 03:30 – Updated: 2024-04-04 06:17
VLAI
Details
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
Severity
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2022-28733"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-20T01:15:10Z",
"severity": "HIGH"
},
"details": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.",
"id": "GHSA-2rxj-vwp2-v63v",
"modified": "2024-04-04T06:17:28Z",
"published": "2023-07-20T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28733"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230825-0002"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-28733
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-28733",
"id": "GSD-2022-28733",
"references": [
"https://security.archlinux.org/CVE-2022-28733",
"https://linux.oracle.com/cve/CVE-2022-28733.html",
"https://access.redhat.com/errata/RHSA-2022:5095",
"https://access.redhat.com/errata/RHSA-2022:5096",
"https://access.redhat.com/errata/RHSA-2022:5098",
"https://access.redhat.com/errata/RHSA-2022:5099",
"https://access.redhat.com/errata/RHSA-2022:5100",
"https://www.suse.com/security/cve/CVE-2022-28733.html",
"https://access.redhat.com/errata/RHSA-2022:5678",
"https://access.redhat.com/errata/RHSA-2022:8900"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-28733"
],
"details": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.",
"id": "GSD-2022-28733",
"modified": "2023-12-13T01:19:34.078173Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2022-28733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GNU GRUB",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "2.06-3"
}
]
}
}
]
},
"vendor_name": "GNU Project"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Daniel Axtens"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-191",
"lang": "eng",
"value": "CWE-191"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230825-0002/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20230825-0002/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.06-3",
"versionStartIncluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2022-28733"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230825-0002/",
"refsource": "MISC",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20230825-0002/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-08-25T23:15Z",
"publishedDate": "2023-07-20T01:15Z"
}
}
}
MSRC_CVE-2022-28733
Vulnerability from csaf_microsoft - Published: 2023-07-01 07:00 - Updated: 2026-02-19 01:01Summary
Integer underflow in grub_net_recv_ip4_packets
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
8.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 18842-17084 | — | ||
| Unresolved product id: 19663-17084 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-28733 Integer underflow in grub_net_recv_ip4_packets - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2022-28733.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Integer underflow in grub_net_recv_ip4_packets",
"tracking": {
"current_release_date": "2026-02-19T01:01:54.000Z",
"generator": {
"date": "2026-02-21T00:07:24.177Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-28733",
"initial_release_date": "2023-07-01T07:00:00.000Z",
"revision_history": [
{
"date": "2023-07-29T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-06-30T07:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-02-19T01:01:54.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 grub2 2.06-14",
"product": {
"name": "\u003cazl3 grub2 2.06-14",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 grub2 2.06-14",
"product": {
"name": "azl3 grub2 2.06-14",
"product_id": "18842"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 grub2 2.06-23",
"product": {
"name": "\u003cazl3 grub2 2.06-23",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 grub2 2.06-23",
"product": {
"name": "azl3 grub2 2.06-23",
"product_id": "19663"
}
}
],
"category": "product_name",
"name": "grub2"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 grub2 2.06-14 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 grub2 2.06-14 as a component of Azure Linux 3.0",
"product_id": "18842-17084"
},
"product_reference": "18842",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 grub2 2.06-23 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 grub2 2.06-23 as a component of Azure Linux 3.0",
"product_id": "19663-17084"
},
"product_reference": "19663",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-28733",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "general",
"text": "canonical",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18842-17084",
"19663-17084"
],
"known_affected": [
"17084-2",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-28733 Integer underflow in grub_net_recv_ip4_packets - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2022-28733.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-29T00:00:00.000Z",
"details": "2.06-14:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-2",
"17084-1"
]
}
],
"title": "Integer underflow in grub_net_recv_ip4_packets"
}
]
}
OPENSUSE-SU-2024:12137-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
grub2-2.06-25.1 on GA media
Severity
Moderate
Notes
Title of the patch: grub2-2.06-25.1 on GA media
Description of the patch: These are all security issues fixed in the grub2-2.06-25.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12137
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
34 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2021-3695/ | self |
| https://www.suse.com/security/cve/CVE-2021-3696/ | self |
| https://www.suse.com/security/cve/CVE-2021-3697/ | self |
| https://www.suse.com/security/cve/CVE-2022-28733/ | self |
| https://www.suse.com/security/cve/CVE-2022-28734/ | self |
| https://www.suse.com/security/cve/CVE-2022-28735/ | self |
| https://www.suse.com/security/cve/CVE-2022-28736/ | self |
| https://www.suse.com/security/cve/CVE-2021-3695 | external |
| https://bugzilla.suse.com/1191184 | external |
| https://bugzilla.suse.com/1203445 | external |
| https://bugzilla.suse.com/1205057 | external |
| https://bugzilla.suse.com/1227915 | external |
| https://www.suse.com/security/cve/CVE-2021-3696 | external |
| https://bugzilla.suse.com/1191185 | external |
| https://www.suse.com/security/cve/CVE-2021-3697 | external |
| https://bugzilla.suse.com/1191186 | external |
| https://bugzilla.suse.com/1203445 | external |
| https://bugzilla.suse.com/1205057 | external |
| https://www.suse.com/security/cve/CVE-2022-28733 | external |
| https://bugzilla.suse.com/1198460 | external |
| https://bugzilla.suse.com/1203445 | external |
| https://bugzilla.suse.com/1205057 | external |
| https://bugzilla.suse.com/1227915 | external |
| https://www.suse.com/security/cve/CVE-2022-28734 | external |
| https://bugzilla.suse.com/1198493 | external |
| https://bugzilla.suse.com/1203445 | external |
| https://www.suse.com/security/cve/CVE-2022-28735 | external |
| https://bugzilla.suse.com/1198495 | external |
| https://www.suse.com/security/cve/CVE-2022-28736 | external |
| https://bugzilla.suse.com/1198496 | external |
| https://bugzilla.suse.com/1203445 | external |
| https://bugzilla.suse.com/1205057 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "grub2-2.06-25.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the grub2-2.06-25.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12137",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12137-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3695 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3696 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3697 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28733 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28734 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28735 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28736 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28736/"
}
],
"title": "grub2-2.06-25.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12137-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.06-25.1.aarch64",
"product": {
"name": "grub2-2.06-25.1.aarch64",
"product_id": "grub2-2.06-25.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-branding-upstream-2.06-25.1.aarch64",
"product": {
"name": "grub2-branding-upstream-2.06-25.1.aarch64",
"product_id": "grub2-branding-upstream-2.06-25.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.06-25.1.aarch64",
"product": {
"name": "grub2-i386-pc-2.06-25.1.aarch64",
"product_id": "grub2-i386-pc-2.06-25.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-debug-2.06-25.1.aarch64",
"product": {
"name": "grub2-i386-pc-debug-2.06-25.1.aarch64",
"product_id": "grub2-i386-pc-debug-2.06-25.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.06-25.1.aarch64",
"product": {
"name": "grub2-snapper-plugin-2.06-25.1.aarch64",
"product_id": "grub2-snapper-plugin-2.06-25.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"product": {
"name": "grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"product_id": "grub2-systemd-sleep-plugin-2.06-25.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.06-25.1.aarch64",
"product": {
"name": "grub2-x86_64-efi-2.06-25.1.aarch64",
"product_id": "grub2-x86_64-efi-2.06-25.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"product": {
"name": "grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"product_id": "grub2-x86_64-efi-debug-2.06-25.1.aarch64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.06-25.1.aarch64",
"product": {
"name": "grub2-x86_64-xen-2.06-25.1.aarch64",
"product_id": "grub2-x86_64-xen-2.06-25.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.06-25.1.ppc64le",
"product": {
"name": "grub2-2.06-25.1.ppc64le",
"product_id": "grub2-2.06-25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-branding-upstream-2.06-25.1.ppc64le",
"product": {
"name": "grub2-branding-upstream-2.06-25.1.ppc64le",
"product_id": "grub2-branding-upstream-2.06-25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.06-25.1.ppc64le",
"product": {
"name": "grub2-i386-pc-2.06-25.1.ppc64le",
"product_id": "grub2-i386-pc-2.06-25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-debug-2.06-25.1.ppc64le",
"product": {
"name": "grub2-i386-pc-debug-2.06-25.1.ppc64le",
"product_id": "grub2-i386-pc-debug-2.06-25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.06-25.1.ppc64le",
"product": {
"name": "grub2-snapper-plugin-2.06-25.1.ppc64le",
"product_id": "grub2-snapper-plugin-2.06-25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"product": {
"name": "grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"product_id": "grub2-systemd-sleep-plugin-2.06-25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.06-25.1.ppc64le",
"product": {
"name": "grub2-x86_64-efi-2.06-25.1.ppc64le",
"product_id": "grub2-x86_64-efi-2.06-25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"product": {
"name": "grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"product_id": "grub2-x86_64-efi-debug-2.06-25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.06-25.1.ppc64le",
"product": {
"name": "grub2-x86_64-xen-2.06-25.1.ppc64le",
"product_id": "grub2-x86_64-xen-2.06-25.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.06-25.1.s390x",
"product": {
"name": "grub2-2.06-25.1.s390x",
"product_id": "grub2-2.06-25.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-branding-upstream-2.06-25.1.s390x",
"product": {
"name": "grub2-branding-upstream-2.06-25.1.s390x",
"product_id": "grub2-branding-upstream-2.06-25.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.06-25.1.s390x",
"product": {
"name": "grub2-i386-pc-2.06-25.1.s390x",
"product_id": "grub2-i386-pc-2.06-25.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-debug-2.06-25.1.s390x",
"product": {
"name": "grub2-i386-pc-debug-2.06-25.1.s390x",
"product_id": "grub2-i386-pc-debug-2.06-25.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.06-25.1.s390x",
"product": {
"name": "grub2-snapper-plugin-2.06-25.1.s390x",
"product_id": "grub2-snapper-plugin-2.06-25.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"product": {
"name": "grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"product_id": "grub2-systemd-sleep-plugin-2.06-25.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.06-25.1.s390x",
"product": {
"name": "grub2-x86_64-efi-2.06-25.1.s390x",
"product_id": "grub2-x86_64-efi-2.06-25.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-debug-2.06-25.1.s390x",
"product": {
"name": "grub2-x86_64-efi-debug-2.06-25.1.s390x",
"product_id": "grub2-x86_64-efi-debug-2.06-25.1.s390x"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.06-25.1.s390x",
"product": {
"name": "grub2-x86_64-xen-2.06-25.1.s390x",
"product_id": "grub2-x86_64-xen-2.06-25.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-2.06-25.1.x86_64",
"product": {
"name": "grub2-2.06-25.1.x86_64",
"product_id": "grub2-2.06-25.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-branding-upstream-2.06-25.1.x86_64",
"product": {
"name": "grub2-branding-upstream-2.06-25.1.x86_64",
"product_id": "grub2-branding-upstream-2.06-25.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-2.06-25.1.x86_64",
"product": {
"name": "grub2-i386-pc-2.06-25.1.x86_64",
"product_id": "grub2-i386-pc-2.06-25.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-i386-pc-debug-2.06-25.1.x86_64",
"product": {
"name": "grub2-i386-pc-debug-2.06-25.1.x86_64",
"product_id": "grub2-i386-pc-debug-2.06-25.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-snapper-plugin-2.06-25.1.x86_64",
"product": {
"name": "grub2-snapper-plugin-2.06-25.1.x86_64",
"product_id": "grub2-snapper-plugin-2.06-25.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"product": {
"name": "grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"product_id": "grub2-systemd-sleep-plugin-2.06-25.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-2.06-25.1.x86_64",
"product": {
"name": "grub2-x86_64-efi-2.06-25.1.x86_64",
"product_id": "grub2-x86_64-efi-2.06-25.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"product": {
"name": "grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"product_id": "grub2-x86_64-efi-debug-2.06-25.1.x86_64"
}
},
{
"category": "product_version",
"name": "grub2-x86_64-xen-2.06-25.1.x86_64",
"product": {
"name": "grub2-x86_64-xen-2.06-25.1.x86_64",
"product_id": "grub2-x86_64-xen-2.06-25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.06-25.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-2.06-25.1.aarch64"
},
"product_reference": "grub2-2.06-25.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.06-25.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le"
},
"product_reference": "grub2-2.06-25.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.06-25.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-2.06-25.1.s390x"
},
"product_reference": "grub2-2.06-25.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-2.06-25.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-2.06-25.1.x86_64"
},
"product_reference": "grub2-2.06-25.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-branding-upstream-2.06-25.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64"
},
"product_reference": "grub2-branding-upstream-2.06-25.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-branding-upstream-2.06-25.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le"
},
"product_reference": "grub2-branding-upstream-2.06-25.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-branding-upstream-2.06-25.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x"
},
"product_reference": "grub2-branding-upstream-2.06-25.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-branding-upstream-2.06-25.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64"
},
"product_reference": "grub2-branding-upstream-2.06-25.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.06-25.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64"
},
"product_reference": "grub2-i386-pc-2.06-25.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.06-25.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le"
},
"product_reference": "grub2-i386-pc-2.06-25.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.06-25.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x"
},
"product_reference": "grub2-i386-pc-2.06-25.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-2.06-25.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64"
},
"product_reference": "grub2-i386-pc-2.06-25.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-debug-2.06-25.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64"
},
"product_reference": "grub2-i386-pc-debug-2.06-25.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-debug-2.06-25.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le"
},
"product_reference": "grub2-i386-pc-debug-2.06-25.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-debug-2.06-25.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x"
},
"product_reference": "grub2-i386-pc-debug-2.06-25.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-i386-pc-debug-2.06-25.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64"
},
"product_reference": "grub2-i386-pc-debug-2.06-25.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.06-25.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64"
},
"product_reference": "grub2-snapper-plugin-2.06-25.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.06-25.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le"
},
"product_reference": "grub2-snapper-plugin-2.06-25.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.06-25.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x"
},
"product_reference": "grub2-snapper-plugin-2.06-25.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-snapper-plugin-2.06-25.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64"
},
"product_reference": "grub2-snapper-plugin-2.06-25.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-systemd-sleep-plugin-2.06-25.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64"
},
"product_reference": "grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-systemd-sleep-plugin-2.06-25.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le"
},
"product_reference": "grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-systemd-sleep-plugin-2.06-25.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x"
},
"product_reference": "grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-systemd-sleep-plugin-2.06-25.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64"
},
"product_reference": "grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.06-25.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64"
},
"product_reference": "grub2-x86_64-efi-2.06-25.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.06-25.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le"
},
"product_reference": "grub2-x86_64-efi-2.06-25.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.06-25.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x"
},
"product_reference": "grub2-x86_64-efi-2.06-25.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-2.06-25.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64"
},
"product_reference": "grub2-x86_64-efi-2.06-25.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-debug-2.06-25.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64"
},
"product_reference": "grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-debug-2.06-25.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le"
},
"product_reference": "grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-debug-2.06-25.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x"
},
"product_reference": "grub2-x86_64-efi-debug-2.06-25.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-efi-debug-2.06-25.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64"
},
"product_reference": "grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.06-25.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64"
},
"product_reference": "grub2-x86_64-xen-2.06-25.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.06-25.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le"
},
"product_reference": "grub2-x86_64-xen-2.06-25.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.06-25.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x"
},
"product_reference": "grub2-x86_64-xen-2.06-25.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-x86_64-xen-2.06-25.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
},
"product_reference": "grub2-x86_64-xen-2.06-25.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3695"
}
],
"notes": [
{
"category": "general",
"text": "A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3695",
"url": "https://www.suse.com/security/cve/CVE-2021-3695"
},
{
"category": "external",
"summary": "SUSE Bug 1191184 for CVE-2021-3695",
"url": "https://bugzilla.suse.com/1191184"
},
{
"category": "external",
"summary": "SUSE Bug 1203445 for CVE-2021-3695",
"url": "https://bugzilla.suse.com/1203445"
},
{
"category": "external",
"summary": "SUSE Bug 1205057 for CVE-2021-3695",
"url": "https://bugzilla.suse.com/1205057"
},
{
"category": "external",
"summary": "SUSE Bug 1227915 for CVE-2021-3695",
"url": "https://bugzilla.suse.com/1227915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3695"
},
{
"cve": "CVE-2021-3696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3696"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it\u0027s very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3696",
"url": "https://www.suse.com/security/cve/CVE-2021-3696"
},
{
"category": "external",
"summary": "SUSE Bug 1191185 for CVE-2021-3696",
"url": "https://bugzilla.suse.com/1191185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3696"
},
{
"cve": "CVE-2021-3697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3697"
}
],
"notes": [
{
"category": "general",
"text": "A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3697",
"url": "https://www.suse.com/security/cve/CVE-2021-3697"
},
{
"category": "external",
"summary": "SUSE Bug 1191186 for CVE-2021-3697",
"url": "https://bugzilla.suse.com/1191186"
},
{
"category": "external",
"summary": "SUSE Bug 1203445 for CVE-2021-3697",
"url": "https://bugzilla.suse.com/1203445"
},
{
"category": "external",
"summary": "SUSE Bug 1205057 for CVE-2021-3697",
"url": "https://bugzilla.suse.com/1205057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3697"
},
{
"cve": "CVE-2022-28733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28733"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28733",
"url": "https://www.suse.com/security/cve/CVE-2022-28733"
},
{
"category": "external",
"summary": "SUSE Bug 1198460 for CVE-2022-28733",
"url": "https://bugzilla.suse.com/1198460"
},
{
"category": "external",
"summary": "SUSE Bug 1203445 for CVE-2022-28733",
"url": "https://bugzilla.suse.com/1203445"
},
{
"category": "external",
"summary": "SUSE Bug 1205057 for CVE-2022-28733",
"url": "https://bugzilla.suse.com/1205057"
},
{
"category": "external",
"summary": "SUSE Bug 1227915 for CVE-2022-28733",
"url": "https://bugzilla.suse.com/1227915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-28733"
},
{
"cve": "CVE-2022-28734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28734"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It\u0027s conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2\u0027s internal memory metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28734",
"url": "https://www.suse.com/security/cve/CVE-2022-28734"
},
{
"category": "external",
"summary": "SUSE Bug 1198493 for CVE-2022-28734",
"url": "https://bugzilla.suse.com/1198493"
},
{
"category": "external",
"summary": "SUSE Bug 1203445 for CVE-2022-28734",
"url": "https://bugzilla.suse.com/1203445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-28734"
},
{
"cve": "CVE-2022-28735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28735"
}
],
"notes": [
{
"category": "general",
"text": "The GRUB2\u0027s shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28735",
"url": "https://www.suse.com/security/cve/CVE-2022-28735"
},
{
"category": "external",
"summary": "SUSE Bug 1198495 for CVE-2022-28735",
"url": "https://bugzilla.suse.com/1198495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-28735"
},
{
"cve": "CVE-2022-28736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28736"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn\u0027t support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2\u0027s memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28736",
"url": "https://www.suse.com/security/cve/CVE-2022-28736"
},
{
"category": "external",
"summary": "SUSE Bug 1198496 for CVE-2022-28736",
"url": "https://bugzilla.suse.com/1198496"
},
{
"category": "external",
"summary": "SUSE Bug 1203445 for CVE-2022-28736",
"url": "https://bugzilla.suse.com/1203445"
},
{
"category": "external",
"summary": "SUSE Bug 1205057 for CVE-2022-28736",
"url": "https://bugzilla.suse.com/1205057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grub2-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-branding-upstream-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-i386-pc-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-snapper-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-systemd-sleep-plugin-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-efi-debug-2.06-25.1.x86_64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.aarch64",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.ppc64le",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.s390x",
"openSUSE Tumbleweed:grub2-x86_64-xen-2.06-25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-28736"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…