← Back to CVEs
CVE-2022-28736
MEDIUM6.4
Description
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.
CVE Details
CVSS v3.1 Score6.4
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredHIGH
User InteractionNONE
Published7/20/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
gnu:grub2
Weaknesses (CWE)
CWE-416
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736(security@ubuntu.com)
https://security.netapp.com/advisory/ntap-20230825-0002/(security@ubuntu.com)
https://www.openwall.com/lists/oss-security/2022/06/07/5(security@ubuntu.com)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230825-0002/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2022/06/07/5(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.