Bug 13528

Please patch CVEs for package grub2 version 2.06
  
INFO (CVEs are): grub2 2.06
 cves found
CVE-2022-28733
Desc: Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-28733
Severity: HIGH
CVE-2022-28734
Desc: Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-28734
Severity: CRITICAL
CVE-2022-28735
Desc: The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-28735
Severity: HIGH
CVE-2022-28736
Desc: There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-28736
Severity: HIGH