Launchpad.net

CVE 2022-28734

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.

Related bugs and status

CVE-2022-28734 (Candidate) is related to these bugs:

Bug #1926748: regression in xenial updates - grub2 cannot handle new arm64 relocations

		In	Importance	Status
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2 (Ubuntu)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2 (Ubuntu Trusty)	Undecided	Confirmed
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2 (Ubuntu Xenial)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Trusty)	Undecided	Confirmed
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Xenial)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu)	Undecided	Invalid
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu Trusty)	Undecided	Confirmed
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu Xenial)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu Bionic)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Bionic)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Jammy)	Undecided	Fix Released

Bug #1930742: cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable

		In	Importance	Status
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-signed (Ubuntu)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	shim-signed (Ubuntu)	Undecided	Invalid
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-signed (Ubuntu Xenial)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu Xenial)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	shim-signed (Ubuntu Xenial)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-signed (Ubuntu Bionic)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu Bionic)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	shim-signed (Ubuntu Bionic)	Undecided	Invalid
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu Jammy)	Undecided	Fix Released

Bug #2008950: Missing modules on arm64 builds of monolithic grub

Summary				In	Importance	Status
	2008950	Missing modules on arm64 builds of monolithic grub		grub2 (Ubuntu)	Undecided	Fix Released

Bug #2028947: grub2-unsigned/2.12~rc1-4ubuntu1 signing

		In	Importance	Status
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-unsigned (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-signed (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs task00	Medium	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2 (Ubuntu)	Undecided	Fix Released

Bug #2034119: [Debian] High CVE: CVE-2021-3695/CVE-2021-3696/CVE-2021-3697/CVE-2022-28733/CVE-2022-28734/CVE-2022-28735/CVE-2022-28736 grub2: multiple CVEs

Summary				In	Importance	Status
	2034119	[Debian] High CVE: CVE-2021-3695/CVE-2021-3696/CVE-2021-3697/CVE-2022-28733/CVE-2022-28734/CVE-2022-28735/CVE-2022-28736 grub2: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-28734

Related bugs and status

Related bugs

References