CVE-2022-28733 - How an Integer Underflow in GRUB Network Code Can Compromise Your System
In early 2022, security researchers discovered CVE-2022-28733—a critical vulnerability in the GRUB bootloader's network stack. This flaw exists in the grub_net_
CVE-2022-28734 - Out-of-Bounds Write in GRUB2's HTTP Header Handling – Root Cause, Exploit, and Impact
Date posted: 2024-06-17
Reading time: ~8 minutes
Introduction
In 2022, a security vulnerability impacting GRUB2—the Grand Unified Bootloader—was reported under the identifier CVE-2022-28734.
CVE-2022-28735 - Breaking Secure Boot Trust with GRUB2's shim_lock Verifier (Explained + Exploit Example)
Secure Boot is a key security feature on modern PCs that stops bad code from running too early in the boot process. But what if
CVE-2022-28736 - Exploiting the Use-After-Free Vulnerability in GRUB2's `chainloader` Command
In June 2022, a critical use-after-free vulnerability was disclosed in GRUB2, the widely-used bootloader for Linux systems. This post breaks down CVE-2022-28736—found in the
Episode
00:00:00
00:00:00