CVE-2022-28735 Affecting grub2-s390x-emu package, versions <2.04-150200.9.63.2
Snyk CVSS
- Attack Complexity: Low
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
- EPSS: 0.04% (6th percentile)
- Snyk ID SNYK-SLES152-GRUB2S390XEMU-2871134
- published 15 Jun 2022
- disclosed 14 Jun 2022
Introduced: 14 Jun 2022
CVE-2022-28735
How to fix?
Upgrade SLES:15.2 grub2-s390x-emu to version 2.04-150200.9.63.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream grub2-s390x-emu package and not the grub2-s390x-emu package as distributed by SLES.
See How to fix? for SLES:15.2 relevant fixed versions and status.
GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain.
References
- CVE-2022-28735
- E-Mail link for SUSE-SU-2022:2074-1
- Link for SUSE-SU-2022:2074-1
- SUSE Bug 1191184
- SUSE Bug 1191185
- SUSE Bug 1191186
- SUSE Bug 1193282
- SUSE Bug 1197948
- SUSE Bug 1198460
- SUSE Bug 1198493
- SUSE Bug 1198495
- SUSE Bug 1198496
- SUSE Bug 1198581
- SUSE CVE CVE-2021-3695 page
- SUSE CVE CVE-2021-3696 page
- SUSE CVE CVE-2021-3697 page
- SUSE CVE CVE-2022-28733 page
- SUSE CVE CVE-2022-28734 page
- SUSE CVE CVE-2022-28735 page
- SUSE CVE CVE-2022-28736 page
- SUSE Security Ratings
- security@ubuntu.com