Security Data / SECDATA-335

Oval XML files make use of addition on string values

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Normal
    • Component: oval
    • Epic Link: SECDATA-216 - SDEngine Backlog
    • Severity: Moderate

      The https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2 file ships with an odd object related to `saved_entry`:

      <ind-def:textfilecontent54_object id="oval:com.redhat.rhsa:obj:20191167027" version="643">
       <ind-def:filepath datatype="string">/boot/grub2/grubenv</ind-def:filepath>
       <ind-def:pattern operation="pattern match">(?<=^saved_entry=).*</ind-def:pattern>
       <ind-def:instance datatype="int">1</ind-def:instance>
      </ind-def:textfilecontent54_object>

      This object is then used in the following variable:

      <local_variable comment="Get saved_entry in /boot/grub2/grubenv" datatype="int" id="oval:com.redhat.rhsa:var:20191167001" version="643">
       <arithmetic arithmetic_operation="add">
        <literal_component datatype="int">1</literal_component>
        <object_component item_field="text" object_ref="oval:com.redhat.rhsa:obj:20191167027"/>
       </arithmetic>
      </local_variable>


      In the above there are 2 issues:

      1. On RHEL8 and later, `saved_entry` is not a number anymore, but a BLS snippet, e.g. `saved_entry=7e6826842a934d13849aa6cdca450637-4.18.0-425.19.2.el8_7.x86_64`
      2. The content of the variable is definitely not a number, but an arithmetic `add` operation is performed


      Talking to Jan Cerny about this, he confirms there is something wrong in what we ship.
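Added example (not part of this issue and not Red Hat's or OpenSCAP's own code): a small Python script that does two things. First, it scans an OVAL document for `int` local_variables whose `arithmetic` consumes the `text` field of a `textfilecontent54_object`, which is exactly the pattern quoted above. Second, it mimics what an OVAL interpreter would have to do with that variable, running the object's pattern over two constructed grubenv files: one with a numeric `saved_entry` (the only case in which the `add` can succeed) and one with the BLS-style value from the issue. The OVAL namespace URIs are the real schema URIs; the grubenv contents are constructed, and the wrapping `oval_definitions` document is a minimal one built around the two fragments quoted above (note that real OVAL XML escapes the `<` of the lookbehind as `&lt;`).

```python
import re
import xml.etree.ElementTree as ET

# Real OVAL 5 schema namespaces (definitions core and the "independent" family).
NS = {
    "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
    "ind": "http://oval.mitre.org/XMLSchema/oval-definitions-5#independent",
}

# Constructed sample: the two fragments quoted in the issue, wrapped in a minimal
# oval_definitions document. In real OVAL the '<' in the lookbehind is escaped as &lt;.
SAMPLE_OVAL = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
                  xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <objects>
    <ind-def:textfilecontent54_object id="oval:com.redhat.rhsa:obj:20191167027" version="643">
      <ind-def:filepath datatype="string">/boot/grub2/grubenv</ind-def:filepath>
      <ind-def:pattern operation="pattern match">(?&lt;=^saved_entry=).*</ind-def:pattern>
      <ind-def:instance datatype="int">1</ind-def:instance>
    </ind-def:textfilecontent54_object>
  </objects>
  <variables>
    <local_variable comment="Get saved_entry in /boot/grub2/grubenv" datatype="int"
                    id="oval:com.redhat.rhsa:var:20191167001" version="643">
      <arithmetic arithmetic_operation="add">
        <literal_component datatype="int">1</literal_component>
        <object_component item_field="text" object_ref="oval:com.redhat.rhsa:obj:20191167027"/>
      </arithmetic>
    </local_variable>
  </variables>
</oval_definitions>
"""


def find_arithmetic_on_text(oval_xml: str):
    """Flag int local_variables that do arithmetic on the 'text' field of a
    textfilecontent54_object. That field is a string, so the variable can only
    evaluate if whatever the pattern captured happens to look like an integer.
    Returns a list of (variable id, object id, arithmetic operation) tuples."""
    root = ET.fromstring(oval_xml)
    text_objects = {
        obj.get("id") for obj in root.iter(f"{{{NS['ind']}}}textfilecontent54_object")
    }
    hits = []
    for var in root.iter(f"{{{NS['def']}}}local_variable"):
        if var.get("datatype") != "int":
            continue
        for arith in var.iter(f"{{{NS['def']}}}arithmetic"):
            for comp in arith.iter(f"{{{NS['def']}}}object_component"):
                ref = comp.get("object_ref")
                if comp.get("item_field") == "text" and ref in text_objects:
                    hits.append((var.get("id"), ref, arith.get("arithmetic_operation")))
    return hits


# The pattern from the object, verbatim (after XML unescaping).
SAVED_ENTRY_PATTERN = r"(?<=^saved_entry=).*"


def collect_text(file_text: str, pattern: str = SAVED_ENTRY_PATTERN, instance: int = 1):
    """Mimic textfilecontent54: return the n-th match of the pattern in the file,
    with ^ anchoring at each line start, or None if there are too few matches."""
    matches = re.findall(pattern, file_text, flags=re.MULTILINE)
    return matches[instance - 1] if len(matches) >= instance else None


def evaluate_saved_entry_variable(grubenv_text: str):
    """Mimic the local_variable: literal int 1 'add' the collected text.
    Returns (True, value) when the text is an integer, (False, reason) otherwise."""
    text = collect_text(grubenv_text)
    if text is None:
        return False, "no saved_entry line collected"
    try:
        return True, 1 + int(text)
    except ValueError:
        return False, f"cannot add int to non-numeric text {text!r}"


# Constructed grubenv contents. The first is the numeric form the arithmetic
# assumes; the second carries the BLS-style value quoted in the issue.
GRUBENV_NUMERIC = "# GRUB Environment Block\nsaved_entry=0\n"
GRUBENV_BLS = (
    "# GRUB Environment Block\n"
    "saved_entry=7e6826842a934d13849aa6cdca450637-4.18.0-425.19.2.el8_7.x86_64\n"
)

if __name__ == "__main__":
    for var_id, obj_id, op in find_arithmetic_on_text(SAMPLE_OVAL):
        print(f"{var_id}: '{op}' applied to text of {obj_id}")
    for label, env in (("numeric", GRUBENV_NUMERIC), ("BLS", GRUBENV_BLS)):
        print(label, evaluate_saved_entry_variable(env))
```

Run against the real file (`bunzip2` it first and pass the contents to `find_arithmetic_on_text`) the scanner lists every variable of this shape, so the check is not limited to the one object quoted here.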

            Assignee: Unassigned
            Reporter: Renaud Metrich (rhn-support-rmetrich)
            Votes: 1
            Watchers: 6