Launchpad CVE tracker

CVE 2022-28736

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.

Related bugs and status

CVE-2022-28736 (Candidate) is related to these bugs:

Bug #2008950: Missing modules on arm64 builds of monolithic grub

Summary				In	Importance	Status
	2008950	Missing modules on arm64 builds of monolithic grub		grub2 (Ubuntu)	Undecided	Fix Released

Bug #2028947: grub2-unsigned/2.12~rc1-4ubuntu1 signing

		In	Importance	Status
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-unsigned (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-signed (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs task00	Medium	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2 (Ubuntu)	Undecided	Fix Released

Bug #2034119: [Debian] High CVE: CVE-2021-3695/CVE-2021-3696/CVE-2021-3697/CVE-2022-28733/CVE-2022-28734/CVE-2022-28735/CVE-2022-28736 grub2: multiple CVEs

Summary				In	Importance	Status
	2034119	[Debian] High CVE: CVE-2021-3695/CVE-2021-3696/CVE-2021-3697/CVE-2022-28733/CVE-2022-28734/CVE-2022-28735/CVE-2022-28736 grub2: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-28736

References