Red Hat Product Errata RHSA-2022:5098 - Security Advisory
Issued: 2022-06-16
Updated: 2022-06-16

Synopsis

Important: grub2, mokutil, and shim security update

Type/Severity

Security Advisory: Important

Topic

An update for grub2, mokutil, and shim is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

  • grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)
  • grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)
  • grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)
  • grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)
  • grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)
  • grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)
  • grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)
  • shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 1991685 - CVE-2021-3695 grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
  • BZ - 1991686 - CVE-2021-3696 grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
  • BZ - 1991687 - CVE-2021-3697 grub2: Crafted JPEG image can lead to buffer underflow write in the heap
  • BZ - 2083339 - CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets
  • BZ - 2090463 - CVE-2022-28734 grub2: Out-of-bound write when handling split HTTP headers
  • BZ - 2090857 - CVE-2022-28735 grub2: shim_lock verifier allows non-kernel files to be loaded
  • BZ - 2090899 - CVE-2022-28737 shim: Buffer overflow when loading crafted EFI images
  • BZ - 2092613 - CVE-2022-28736 grub2: use-after-free in grub_cmd_chainloader()

CVEs

  • CVE-2021-3695
  • CVE-2021-3696
  • CVE-2021-3697
  • CVE-2022-28733
  • CVE-2022-28734
  • CVE-2022-28735
  • CVE-2022-28736
  • CVE-2022-28737

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM
grub2-2.02-87.el8_1.10.src.rpm SHA-256: 89eb795823e02a2239bb42dba146666d17141abfef664118ef517bf2512eee5f
ppc64le
grub2-common-2.02-87.el8_1.10.noarch.rpm SHA-256: 6a0e47e8ebf6e4bf9cac9d250d0d0ce32628c944cc1c2377bbf2b695dcd2c2a5
grub2-debuginfo-2.02-87.el8_1.10.ppc64le.rpm SHA-256: 4c607bafdb746935585aa6a961da3d914d25e91f4a319aa34299dcdf358dc0c1
grub2-debugsource-2.02-87.el8_1.10.ppc64le.rpm SHA-256: c0031bf377d8360a7315151441475d1bf15d8818ba2efc25a0b6e200142a57f6
grub2-efi-aa64-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: ea86154be3a3aa355fa2325b392d8acbe222e29ce64bc620e52533418389296f
grub2-efi-ia32-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: 8e9f92700e548b9cd3f62fa05a005f061a47d627eec09b4484222155354203d2
grub2-efi-x64-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: 8b9da5bf6a64e5f9dfb98af97aad9d3e16a99908051d3f81bb2e745fcfa5a7c6
grub2-pc-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: 026bff376032fcc69f79bbcf421a75b3642bc6af473eaff7d51e559eb2333808
grub2-ppc64le-2.02-87.el8_1.10.ppc64le.rpm SHA-256: 4fc916a14596eac28de7c4f1661b6656e322e4fd4b599502e39382b45ec89b11
grub2-ppc64le-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: 5707173efd91edc1550cbbe0a5056f358148c73f3d2d311cc40ce6b0c32bb326
grub2-tools-2.02-87.el8_1.10.ppc64le.rpm SHA-256: afccc2763077e67bd330dd43297dcd4bebe77c94007440980880938021542b83
grub2-tools-debuginfo-2.02-87.el8_1.10.ppc64le.rpm SHA-256: 0b9f7c15e7a672ab4e39bde0cfc7f3efdc231e91b9c006d585f7acc4fe77b64f
grub2-tools-extra-2.02-87.el8_1.10.ppc64le.rpm SHA-256: a6d99f5e65b3b31230e924c3aad25f3ce17fdbddefb0541bd13950742a6291e7
grub2-tools-extra-debuginfo-2.02-87.el8_1.10.ppc64le.rpm SHA-256: 90f4c40aea16a0acb23801adb1b097c03d12fbeb295b4802a0873205dc92271f
grub2-tools-minimal-2.02-87.el8_1.10.ppc64le.rpm SHA-256: 70f4948223f293a56c37e95a1e297c8d39743a96631e0367279718f78b5e10a9
grub2-tools-minimal-debuginfo-2.02-87.el8_1.10.ppc64le.rpm SHA-256: 0dc6e00891d11e4ba07c0fc3150f4ff3ad6f6a4590c61821d1a0e6d2b9c1526f

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
grub2-2.02-87.el8_1.10.src.rpm SHA-256: 89eb795823e02a2239bb42dba146666d17141abfef664118ef517bf2512eee5f
mokutil-0.3.0-9.el8_1.1.src.rpm SHA-256: b5abc9472de38befce1185088435ba06fc6dfc5a20c87abba208947e4b9ed0b5
shim-15.6-1.el8.src.rpm SHA-256: b9fb543eb9bae0ce3314d8c5eff69267222cba1fafa79d7e926c77146198c068
x86_64
grub2-common-2.02-87.el8_1.10.noarch.rpm SHA-256: 6a0e47e8ebf6e4bf9cac9d250d0d0ce32628c944cc1c2377bbf2b695dcd2c2a5
grub2-debuginfo-2.02-87.el8_1.10.x86_64.rpm SHA-256: 80d085d719f6afcf3c52613be5632ff5003df4d7f7f08bfcf7f9562bd33dc1c5
grub2-debugsource-2.02-87.el8_1.10.x86_64.rpm SHA-256: ce86e0fce91dcb4c0c099bed0ca726435130689100e1f0721782b287ab9f22ce
grub2-efi-aa64-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: ea86154be3a3aa355fa2325b392d8acbe222e29ce64bc620e52533418389296f
grub2-efi-ia32-2.02-87.el8_1.10.x86_64.rpm SHA-256: 30dbdaf991ca868e03686cdbd967ed20f32b03d4243c7109b4003ef903b881b6
grub2-efi-ia32-cdboot-2.02-87.el8_1.10.x86_64.rpm SHA-256: 504163bd13ad3669375dc7bf43cc8a6e13fe4f4a6537e15163306db601d38a99
grub2-efi-ia32-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: 8e9f92700e548b9cd3f62fa05a005f061a47d627eec09b4484222155354203d2
grub2-efi-x64-2.02-87.el8_1.10.x86_64.rpm SHA-256: 8171df54676e73b24b1c85a9c1c1c089c8f5127aaec2c140ba00ee29cdc0909a
grub2-efi-x64-cdboot-2.02-87.el8_1.10.x86_64.rpm SHA-256: 5806e36b5f511e4d7ea7ad4a48246608dd986fffe85743842f6e327aeac656d5
grub2-efi-x64-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: 8b9da5bf6a64e5f9dfb98af97aad9d3e16a99908051d3f81bb2e745fcfa5a7c6
grub2-pc-2.02-87.el8_1.10.x86_64.rpm SHA-256: ddd390c83c38ac37939982ecc21a327a53cca1fbbd00c5245c8352d51921ae17
grub2-pc-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: 026bff376032fcc69f79bbcf421a75b3642bc6af473eaff7d51e559eb2333808
grub2-ppc64le-modules-2.02-87.el8_1.10.noarch.rpm SHA-256: 5707173efd91edc1550cbbe0a5056f358148c73f3d2d311cc40ce6b0c32bb326
grub2-tools-2.02-87.el8_1.10.x86_64.rpm SHA-256: bb433dcbb8aeba999aec8e9b14d1a82ca1b610d9955d78fab23ded08964c5128
grub2-tools-debuginfo-2.02-87.el8_1.10.x86_64.rpm SHA-256: 76325b15349eb82d260d5256013b5224ab818f4c5bee6aff25ac890b121c2fdb
grub2-tools-efi-2.02-87.el8_1.10.x86_64.rpm SHA-256: 9edb24b8e7d59e11a1d7dc07af2e09773fd71d9e2275fe08dbfb60eba63e51d4
grub2-tools-efi-debuginfo-2.02-87.el8_1.10.x86_64.rpm SHA-256: d7202dfd5aaeea2a31369a0e34cd2fff16c0bd9817edd397241357def2b69aec
grub2-tools-extra-2.02-87.el8_1.10.x86_64.rpm SHA-256: 8bad3ae3d87b5265035e7eb9571a90650e57965e6b9bdcfc5a568b6027be479b
grub2-tools-extra-debuginfo-2.02-87.el8_1.10.x86_64.rpm SHA-256: 2f1300042bff6513016b78945f84f8009717498363dc35e1e49d15c18dded88e
grub2-tools-minimal-2.02-87.el8_1.10.x86_64.rpm SHA-256: d2d75057cf6819e19f12671e9fdc88c3f3152af63e88014005ff429d914da3f9
grub2-tools-minimal-debuginfo-2.02-87.el8_1.10.x86_64.rpm SHA-256: 3f3cd09071075616491e5333a08227de9b89c57e8184308be7bb43345f05889a
mokutil-0.3.0-9.el8_1.1.x86_64.rpm SHA-256: ebfa4c9aaee6fe39b3af182f6fe19cb208251713793118d47be331e041e70bed
mokutil-debuginfo-0.3.0-9.el8_1.1.x86_64.rpm SHA-256: 9a13295a60d77e25be0c0a17566e22e5a838c2152e46994fb7e92905f5909143
mokutil-debugsource-0.3.0-9.el8_1.1.x86_64.rpm SHA-256: 6d4d45019924b0c7737ed07983450db64f0686438c1a361cd6f057b930e5f3cc
shim-ia32-15.6-1.el8.x86_64.rpm SHA-256: 88f0659083e351ab8b8767a54336b69635d20797232d018ffbc9c578c8fc5c2b
shim-x64-15.6-1.el8.x86_64.rpm SHA-256: d725cc71c0cb795b4e42e5595ede9460419e8924635802dcf8415cc1c7004358

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
