CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28737 – There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
https://notcve.org/view.php?id=CVE-2022-28737
Arbitrary code execution is not discarded in such scenario. ... A successful attack can lead to data integrity, confidentiality issues, and arbitrary code execution. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737 https://www.openwall.com/lists/oss-security/2022/06/07/5 https://access.redhat.com/security/cve/CVE-2022-28737 https://bugzilla.redhat.com/show_bug.cgi?id=2090899 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.9EPSS: 0%CPEs: 40EXPL: 0CVE-2021-3696 – grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
https://notcve.org/view.php?id=CVE-2021-3696
Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. • https://bugzilla.redhat.com/show_bug.cgi?id=1991686 https://security.gentoo.org/glsa/202209-12 https://security.netapp.com/advisory/ntap-20220930-0001 https://access.redhat.com/security/cve/CVE-2021-3696 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-3697 – grub2: Crafted JPEG image can lead to buffer underflow write in the heap
https://notcve.org/view.php?id=CVE-2021-3697
Secure-boot mechanisms circumvention and arbitrary code execution may also be achievable. • https://bugzilla.redhat.com/show_bug.cgi?id=1991687 https://security.gentoo.org/glsa/202209-12 https://security.netapp.com/advisory/ntap-20220930-0001 https://access.redhat.com/security/cve/CVE-2021-3697 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2021-3695 – grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
https://notcve.org/view.php?id=CVE-2021-3695
An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. • https://bugzilla.redhat.com/show_bug.cgi?id=1991685 https://security.gentoo.org/glsa/202209-12 https://security.netapp.com/advisory/ntap-20220930-0001 https://access.redhat.com/security/cve/CVE-2021-3695 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28736 – There's a use-after-free vulnerability in grub_cmd_chainloader() function
https://notcve.org/view.php?id=CVE-2022-28736
If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved. ... This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub's memory allocation pattern. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736 https://security.netapp.com/advisory/ntap-20230825-0002 https://www.openwall.com/lists/oss-security/2022/06/07/5 https://access.redhat.com/security/cve/CVE-2022-28736 https://bugzilla.redhat.com/show_bug.cgi?id=2092613 • CWE-416: Use After Free •