CVE-2022-28735

6.7MEDIUM

Key Information:

Vendor: Gnu Project
Status: Gnu Grub
Vendor: CVE Published:; 20 July 2023

Summary

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.

Affected Version(s)

GNU GRUB Linux 0 < 2.06-3

References

https://www.openwall.com/lists/oss-security/2022/06/07/5

mailing-list

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...

issue-tracking

https://security.netapp.com/advisory/ntap-20230825-0002/

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2023
Vulnerability Reserved
Apr 5, 2022

Credit

Julian Andres Klode