{"id":"ALSA-2022:5095","summary":"Important: grub2, mokutil, shim, and shim-unsigned-x64 security update","details":"The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\nSecurity Fix(es):\n* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)\n* grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)\n* grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)\n* grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)\n* grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)\n* grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)\n* grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)\n* shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-04T04:30:20.923072Z","published":"2022-06-16T00:00:00Z","related":["CVE-2021-3695","CVE-2021-3696","CVE-2021-3697","CVE-2022-28733","CVE-2022-28734","CVE-2022-28735","CVE-2022-28736","CVE-2022-28737"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3695"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3696"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3697"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-28733"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-28734"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-28735"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-28736"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-28737"},{"type":"REPORT","url":"https://bugzilla.redhat.com/1991685"},{"type":"REPORT","url":"https://bugzilla.redhat.com/1991686"},{"type":"REPORT","url":"https://bugzilla.redhat.com/1991687"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2083339"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2090463"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2090857"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2090899"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2092613"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2022-5095.html"}],"affected":[{"package":{"name":"grub2-common","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-efi-aa64","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-efi-aa64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-efi-aa64-cdboot","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-efi-aa64-cdboot"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-efi-aa64-modules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-efi-aa64-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-efi-ia32","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-efi-ia32"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-efi-ia32-cdboot","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-efi-ia32-cdboot"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-efi-ia32-modules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-efi-ia32-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-efi-x64","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-efi-x64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-efi-x64-cdboot","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-efi-x64-cdboot"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-efi-x64-modules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-efi-x64-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-pc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-pc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-pc-modules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-pc-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-ppc64le-modules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-ppc64le-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-tools","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-tools-efi","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-tools-efi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-tools-extra","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-tools-extra"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"grub2-tools-minimal","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/grub2-tools-minimal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-123.el8_6.8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"shim-aa64","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/shim-aa64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.6-1.el8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"shim-ia32","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/shim-ia32"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.6-1.el8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"shim-unsigned-x64","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/shim-unsigned-x64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.6-1.el8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}},{"package":{"name":"shim-x64","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/shim-x64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.6-1.el8.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5095.json"}}],"schema_version":"1.7.3"}