Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2022-2289)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.2.2022.2289

Category: Huawei EulerOS Local Security Checks

Title: Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2022-2289)

Summary: The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2022-2289 advisory.

Description: Summary:
The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2022-2289 advisory.

Vulnerability Insight:
A use-after-free vulnerability was found on grub2's chainloader command. This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub's memory allocation pattern.(CVE-2022-28736)

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a malicious set of HTTP packages making grub2 corrupt its internal memory metadata structure. This leads to data integrity and confidentiality issues or forces grub to crash, resulting in a denial of service attack.(CVE-2022-28734)

A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution.(CVE-2022-28733)

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.(CVE-2021-3697)

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.(CVE-2021-3696)

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.(CVE-2021-3695)

Affected Software/OS:
'grub2' package(s) on Huawei EulerOS V2.0SP9(x86_64).

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3695
https://security.gentoo.org/glsa/202209-12
https://bugzilla.redhat.com/show_bug.cgi?id=1991685
Common Vulnerability Exposure (CVE) ID: CVE-2021-3696
https://bugzilla.redhat.com/show_bug.cgi?id=1991686
Common Vulnerability Exposure (CVE) ID: CVE-2021-3697
https://bugzilla.redhat.com/show_bug.cgi?id=1991687
Common Vulnerability Exposure (CVE) ID: CVE-2022-28733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733
https://www.openwall.com/lists/oss-security/2022/06/07/5
Common Vulnerability Exposure (CVE) ID: CVE-2022-28734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734
Common Vulnerability Exposure (CVE) ID: CVE-2022-28736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.2.2022.2289
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2022-2289)
Summary:	The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2022-2289 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2022-2289 advisory. Vulnerability Insight: A use-after-free vulnerability was found on grub2's chainloader command. This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub's memory allocation pattern.(CVE-2022-28736) A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a malicious set of HTTP packages making grub2 corrupt its internal memory metadata structure. This leads to data integrity and confidentiality issues or forces grub to crash, resulting in a denial of service attack.(CVE-2022-28734) A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution.(CVE-2022-28733) A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.(CVE-2021-3697) A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.(CVE-2021-3696) A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.(CVE-2021-3695) Affected Software/OS: 'grub2' package(s) on Huawei EulerOS V2.0SP9(x86_64). Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3695 https://security.gentoo.org/glsa/202209-12 https://bugzilla.redhat.com/show_bug.cgi?id=1991685 Common Vulnerability Exposure (CVE) ID: CVE-2021-3696 https://bugzilla.redhat.com/show_bug.cgi?id=1991686 Common Vulnerability Exposure (CVE) ID: CVE-2021-3697 https://bugzilla.redhat.com/show_bug.cgi?id=1991687 Common Vulnerability Exposure (CVE) ID: CVE-2022-28733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733 https://www.openwall.com/lists/oss-security/2022/06/07/5 Common Vulnerability Exposure (CVE) ID: CVE-2022-28734 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734 Common Vulnerability Exposure (CVE) ID: CVE-2022-28736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736
Copyright	Copyright (C) 2022 Greenbone AG