Secure Boot Vulnerability in GRUB2 by Canonical
CVE-2022-28735
6.7MEDIUM
What is CVE-2022-28735?
The GRUB2 shim_lock verifier has a significant security flaw that permits the loading of non-kernel files on systems utilizing shim-powered secure boot. This creates a risk where unverified code and modules could potentially compromise the trusted execution environment, undermining the secure boot trust-chain and allowing unauthorized access to system resources.
Affected Version(s)
GNU GRUB Linux 0 < 2.06-3