Nixpkgs Security Tracker

Untriaged

Permalink CVE-2022-28735

created 4 months, 3 weeks ago

The GRUB2's shim_lock verifier allows non-kernel files to be loaded …

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.

Affected products

grub2

<2.06-3

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

nixos-unstable -
- nixpkgs-unstable

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@hehongbo Hongbo
@digitalrane Rane <rane+git@junkyard.systems>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.grub2_pvgrub_image

pkgs.grub2_pvhgrub_image

Package maintainers