Astra Linux – Vulnerability in grub2

The GRUB2’s shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, thereby breaking the secure boot trust-chain...

Linux Distros Unpatched Vulnerability : CVE-2022-28735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified...

The vulnerability of the shim_lock component in the Grub2 operating system allows a hacker to break the trust chain of secure loading.

The vulnerability of the shimlock component in the Grub2 operating system is related to the loading of non-atomic files into the secure boot mechanism that supports shim. Exploiting this vulnerability can allow an attacker to break the trust chain of the secure boot mechanism...

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.

...

AZL-27551 CVE-2022-28735 affecting package grub2 for versions less than 2.06-12

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

DEBIAN-CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

SUSE CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

The vulnerability of the implementation of the shim_lock verification mechanism in the Grub2 operating system allows a perpetrator to execute arbitrary code and gain full control over the device.

The vulnerability of the shimlock verification mechanism in the Grub2 operating system’s loader is related to incorrect checking of the cryptographic signature. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain full control over the device...

grub2: shim_lock verifier allows non-kernel files to be loaded

A flaw was found in grub2. The shimlock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed...

grub2: shim_lock verifier allows non-kernel files to be loaded

A flaw was found in grub2. The shimlock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed...

grub2: shim_lock verifier allows non-kernel files to be loaded

A flaw was found in grub2. The shimlock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed...

grub2: shim_lock verifier allows non-kernel files to be loaded

A flaw was found in grub2. The shimlock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed...

grub2 数据伪造问题漏洞

grub2 is a Linux system boot program from the US GNU community. A data forgery issue vulnerability exists in grub2 that stems from the shimlock validator allowing non-kernel files to be loaded...

ALPINE-CVE-2021-3418

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction...

PT-2021-7384 · Grub2 +2 · Grub2 +2

Name of the Vulnerable Software and Affected Versions: Grub2 versions prior to 2.06 Description: The issue is related to the implementation of the shim lock mechanism in Grub2, which is associated with incorrect cryptographic signature verification. This flaw allows an attacker to boot any kernel...