Bug 1198496 (CVE-2022-28736)

Summary: VUL-0: CVE-2022-28736: grub2: fixed a use-after-free in chainloader command
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Bootloader Maintainers <bootloader-maintainers>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: cathy.hu, jlee, meissner, zluo
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/329066/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-28736:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1198581    
Attachments: 0003-loader-efi-chainloader-Use-grub_loader_set_ex.patch

Comment 1 Marcus Meissner 2022-04-14 14:44:07 UTC 
Created attachment 858163 [details]
0003-loader-efi-chainloader-Use-grub_loader_set_ex.patch

0003-loader-efi-chainloader-Use-grub_loader_set_ex.patch
Comment 3 Marcus Meissner 2022-04-20 11:14:08 UTC 
CRD: 2022-05-24
Comment 4 Marcus Meissner 2022-05-16 09:13:54 UTC 
New CRD was set to allow shim code to be ready.

CRD: 2022-06-07 10:00PT
Comment 8 Marcus Meissner 2022-06-07 18:14:29 UTC 
public now
Comment 9 Swamp Workflow Management 2022-06-10 13:15:57 UTC 
SUSE-SU-2022:2037-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    grub2-2.02-137.2
SUSE OpenStack Cloud 8 (src):    grub2-2.02-137.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    grub2-2.02-137.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    grub2-2.02-137.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    grub2-2.02-137.2
HPE Helion Openstack 8 (src):    grub2-2.02-137.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-06-10 13:17:22 UTC 
SUSE-SU-2022:2035-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (src):    grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    grub2-2.06-150400.11.5.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-06-10 13:18:26 UTC 
SUSE-SU-2022:2039-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    grub2-2.02-115.67.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-06-10 13:19:36 UTC 
SUSE-SU-2022:2041-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    grub2-2.02-150100.123.12.2
SUSE Enterprise Storage 6 (src):    grub2-2.02-150100.123.12.2
SUSE CaaS Platform 4.0 (src):    grub2-2.02-150100.123.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-06-10 13:21:48 UTC 
SUSE-SU-2022:2036-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    grub2-2.02-150000.122.12.2
SUSE Linux Enterprise Server 15-LTSS (src):    grub2-2.02-150000.122.12.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    grub2-2.02-150000.122.12.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    grub2-2.02-150000.122.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-06-10 13:23:05 UTC 
SUSE-SU-2022:2038-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    grub2-2.02-143.2
SUSE OpenStack Cloud 9 (src):    grub2-2.02-143.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    grub2-2.02-143.2
SUSE Linux Enterprise Server 12-SP5 (src):    grub2-2.02-143.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    grub2-2.02-143.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2022-06-13 19:16:48 UTC 
SUSE-SU-2022:2064-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Micro 5.2 (src):    grub2-2.04-150300.22.20.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-06-14 13:16:40 UTC 
SUSE-SU-2022:2074-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    grub2-2.04-150200.9.63.2
SUSE Manager Retail Branch Server 4.1 (src):    grub2-2.04-150200.9.63.2
SUSE Manager Proxy 4.1 (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server 15-SP2-BCL (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    grub2-2.04-150200.9.63.2
SUSE Enterprise Storage 7 (src):    grub2-2.04-150200.9.63.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2022-06-14 13:19:44 UTC 
SUSE-SU-2022:2073-1: An update that solves 7 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1071559,1159205,1179981,1189769,1189874,1191184,1191185,1191186,1191504,1191974,1192522,1192622,1193282,1193532,1195204,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):    grub2-2.04-150300.3.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Benjamin Brunner 2022-07-28 12:29:21 UTC 
Bulk-re-assigning to the new bootloader-maintainers@suse.de group.
Comment 21 Hu 2023-01-11 15:46:31 UTC 
done, fixed