Bug 1198496 – VUL-0: CVE-2022-28736: grub2: fixed a use-after-free in chainloader command

Bug 1198496 - (CVE-2022-28736) VUL-0: CVE-2022-28736: grub2: fixed a use-after-free in chainloader command

(CVE-2022-28736)
Summary:	VUL-0: CVE-2022-28736: grub2: fixed a use-after-free in chainloader command

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Bootloader Maintainers
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/329066/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-28736:8.4:(AV:...
Keywords:

Depends on:
Blocks:	1198581
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-04-14 14:43 UTC by Marcus Meissner
Modified:	2023-01-11 15:46 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
0003-loader-efi-chainloader-Use-grub_loader_set_ex.patch (2.52 KB, patch) 2022-04-14 14:44 UTC, Marcus Meissner	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 1 Marcus Meissner 2022-04-14 14:44:07 UTC

Created attachment 858163 [details]
0003-loader-efi-chainloader-Use-grub_loader_set_ex.patch

0003-loader-efi-chainloader-Use-grub_loader_set_ex.patch

Comment 3 Marcus Meissner 2022-04-20 11:14:08 UTC

CRD: 2022-05-24

Comment 4 Marcus Meissner 2022-05-16 09:13:54 UTC

New CRD was set to allow shim code to be ready.

CRD: 2022-06-07 10:00PT

Comment 8 Marcus Meissner 2022-06-07 18:14:29 UTC

public now

Comment 9 Swamp Workflow Management 2022-06-10 13:15:57 UTC

SUSE-SU-2022:2037-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    grub2-2.02-137.2
SUSE OpenStack Cloud 8 (src):    grub2-2.02-137.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    grub2-2.02-137.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    grub2-2.02-137.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    grub2-2.02-137.2
HPE Helion Openstack 8 (src):    grub2-2.02-137.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2022-06-10 13:17:22 UTC

SUSE-SU-2022:2035-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (src):    grub2-2.06-150400.11.5.2
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    grub2-2.06-150400.11.5.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Swamp Workflow Management 2022-06-10 13:18:26 UTC

SUSE-SU-2022:2039-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    grub2-2.02-115.67.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2022-06-10 13:19:36 UTC

SUSE-SU-2022:2041-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    grub2-2.02-150100.123.12.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    grub2-2.02-150100.123.12.2
SUSE Enterprise Storage 6 (src):    grub2-2.02-150100.123.12.2
SUSE CaaS Platform 4.0 (src):    grub2-2.02-150100.123.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2022-06-10 13:21:48 UTC

SUSE-SU-2022:2036-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    grub2-2.02-150000.122.12.2
SUSE Linux Enterprise Server 15-LTSS (src):    grub2-2.02-150000.122.12.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    grub2-2.02-150000.122.12.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    grub2-2.02-150000.122.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2022-06-10 13:23:05 UTC

SUSE-SU-2022:2038-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    grub2-2.02-143.2
SUSE OpenStack Cloud 9 (src):    grub2-2.02-143.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    grub2-2.02-143.2
SUSE Linux Enterprise Server 12-SP5 (src):    grub2-2.02-143.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    grub2-2.02-143.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Swamp Workflow Management 2022-06-13 19:16:48 UTC

SUSE-SU-2022:2064-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    grub2-2.04-150300.22.20.2
SUSE Linux Enterprise Micro 5.2 (src):    grub2-2.04-150300.22.20.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Swamp Workflow Management 2022-06-14 13:16:40 UTC

SUSE-SU-2022:2074-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    grub2-2.04-150200.9.63.2
SUSE Manager Retail Branch Server 4.1 (src):    grub2-2.04-150200.9.63.2
SUSE Manager Proxy 4.1 (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise Server 15-SP2-BCL (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    grub2-2.04-150200.9.63.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    grub2-2.04-150200.9.63.2
SUSE Enterprise Storage 7 (src):    grub2-2.04-150200.9.63.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2022-06-14 13:19:44 UTC

SUSE-SU-2022:2073-1: An update that solves 7 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1071559,1159205,1179981,1189769,1189874,1191184,1191185,1191186,1191504,1191974,1192522,1192622,1193282,1193532,1195204,1197948,1198460,1198493,1198495,1198496,1198581
CVE References: CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
JIRA References: 
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):    grub2-2.04-150300.3.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Benjamin Brunner 2022-07-28 12:29:21 UTC

Bulk-re-assigning to the new bootloader-maintainers@suse.de group.

Comment 21 Hu 2023-01-11 15:46:31 UTC

done, fixed