Launchpad.net

CVE 2022-28733

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.

Related bugs and status

CVE-2022-28733 (Candidate) is related to these bugs:

Bug #1926748: regression in xenial updates - grub2 cannot handle new arm64 relocations

		In	Importance	Status
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2 (Ubuntu)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2 (Ubuntu Trusty)	Undecided	Confirmed
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2 (Ubuntu Xenial)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Trusty)	Undecided	Confirmed
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Xenial)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu)	Undecided	Invalid
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu Trusty)	Undecided	Confirmed
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu Xenial)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-signed (Ubuntu Bionic)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Bionic)	Undecided	Fix Released
1926748	regression in xenial updates - grub2 cannot handle new arm64 relocations	grub2-unsigned (Ubuntu Jammy)	Undecided	Fix Released

Bug #1930742: cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable

		In	Importance	Status
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-signed (Ubuntu)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	shim-signed (Ubuntu)	Undecided	Invalid
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-signed (Ubuntu Xenial)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu Xenial)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	shim-signed (Ubuntu Xenial)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-signed (Ubuntu Bionic)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu Bionic)	Undecided	Fix Released
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	shim-signed (Ubuntu Bionic)	Undecided	Invalid
1930742	cloud images in xenial do not get their boot path updated because we don't call grub-install --force-extra-removable	grub2-unsigned (Ubuntu Jammy)	Undecided	Fix Released

Bug #2008950: Missing modules on arm64 builds of monolithic grub

Summary				In	Importance	Status
	2008950	Missing modules on arm64 builds of monolithic grub		grub2 (Ubuntu)	Undecided	Fix Released

Bug #2028947: grub2-unsigned/2.12~rc1-4ubuntu1 signing

		In	Importance	Status
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-unsigned (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-signed (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs task00	Medium	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2 (Ubuntu)	Undecided	Fix Released

Bug #2034119: [Debian] High CVE: CVE-2021-3695/CVE-2021-3696/CVE-2021-3697/CVE-2022-28733/CVE-2022-28734/CVE-2022-28735/CVE-2022-28736 grub2: multiple CVEs

Summary				In	Importance	Status
	2034119	[Debian] High CVE: CVE-2021-3695/CVE-2021-3696/CVE-2021-3697/CVE-2022-28733/CVE-2022-28734/CVE-2022-28735/CVE-2022-28736 grub2: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-28733

Related bugs and status

Related bugs

References