{"id":"CLSA-2022-1669388927","summary":"grub2: Fix of 7 CVEs","details":"- CVE-2021-3981: Fix default privileges of grub.cfg file\n- CVE-2022-28736: Fix use-after-free bug when grub_cmd_chainloader is executed\n  more than once before a boot attempt is performed.\n- CVE-2021-3695: Drop greyscale support to fix heap out-of-bounds write\n- CVE-2021-3696: Fix out of range insertion into huffman table\n- CVE-2021-3697: Fix integer underflow which resulted in wild pointer write\n- CVE-2022-28733: Fix integer underflow which resulted in subsequent unpleasantness\n- CVE-2022-28734: Fix errors in handling of split http headers","modified":"2026-05-27T11:33:31.922550938Z","published":"2022-11-25T15:08:47Z","upstream":["CVE-2021-3695","CVE-2021-3696","CVE-2021-3697","CVE-2021-3981","CVE-2022-28733","CVE-2022-28734","CVE-2022-28736"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/centos8.4-els/CLSA-2022-1669388927.html"}],"affected":[{"package":{"name":"grub2-common","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-common?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-efi-ia32","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-efi-ia32?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-efi-ia32-cdboot","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-efi-ia32-cdboot?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare
-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-efi-ia32-modules","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-efi-ia32-modules?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-efi-x64","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-efi-x64?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-efi-x64-cdboot","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-efi-x64-cdboot?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-efi-x64-modules","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-efi-x64-modules?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-pc","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-pc?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-pc-modules","ecosystem":"TuxCare:CentOS:8.
4","purl":"pkg:rpm/tuxcare/grub2-pc-modules?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-tools","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-tools?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-tools-efi","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-tools-efi?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-tools-extra","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-tools-extra?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}},{"package":{"name":"grub2-tools-minimal","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/grub2-tools-minimal?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-106.el8.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1669388927.json"}}],"schema_version":"1.7.5"}