Latest gnu grub2 Vulnerabilities

Grub2: grub2-set-bootflag can be abused by local (pseudo-)users
=8.0
=9.0
=40
Grub2: out-of-bounds read at fs/ntfs.c
ubuntu/grub2<2.12~
ubuntu/grub2-unsigned<2.06-2ubuntu14.4
ubuntu/grub2-unsigned<2.06-2ubuntu14.4
ubuntu/grub2-unsigned<2.06-2ubuntu17.2
ubuntu/grub2-signed<1.187.6~20.04.1
ubuntu/grub2-signed<1.187.6
and 8 more
Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
ubuntu/grub2<2.12~
ubuntu/grub2-unsigned<2.06-2ubuntu14.4
ubuntu/grub2-unsigned<2.06-2ubuntu14.4
ubuntu/grub2-unsigned<2.06-2ubuntu17.2
ubuntu/grub2-signed<1.187.6~20.04.1
ubuntu/grub2-signed<1.187.6
and 6 more
Grub2: bypass the grub password protection feature
Gnu Grub2
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an ...
ubuntu/grub2-unsigned<2.06-2ubuntu15
ubuntu/grub2<2.06-5
ubuntu/grub2<2.06-2ubuntu14
debian/grub2<=2.06-3~deb10u1
Gnu Grub2<=2.06
Redhat Enterprise Linux=8.0
and 1 more
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for ...
Gnu Grub2<=2.06
Fedoraproject Fedora=37
Redhat Enterprise Linux Eus=9.0
Redhat Enterprise Linux For Power Little Endian Eus=9.0
Redhat Enterprise Linux Server Aus=8.2
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions=8.1
and 7 more
There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support fr...
Gnu Grub2>=2.00<2.06-3
ubuntu/grub2<2.06-3
debian/grub2
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
and 3 more
GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2 ...
Gnu Grub2>=2.00<2.06-3
ubuntu/grub2<2.06-3
debian/grub2
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
and 3 more
Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bou...
ubuntu/grub2<2.06-3
debian/grub2
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
redhat/grub2<1:2.02-99.el8_4.9
and 4 more
Integer underflow in grub_net_recv_ip4_packets. A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstan...
redhat/grub2<1:2.02-0.87.el7_9.11
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
redhat/grub2<1:2.02-99.el8_4.9
redhat/grub2<1:2.06-27.el9_0.7
and 3 more
An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linu...
Gnu Grub2<2.06-150400.7.1
SUSE Linux Enterprise Server=15-sp4
Gnu Grub2<2.06-18.1
openSUSE Factory
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low sever...
<=2.06
=34
Gnu Grub2<=2.06
Fedoraproject Fedora=34
debian/grub2<=2.06-3~deb10u1, <=2.06-3~deb10u3, <=2.06-3~deb11u5, <=2.06-3~deb11u4
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For an attack to be performed successfully, the attacker needs to perform some tri...
debian/grub2
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
redhat/grub2<1:2.02-99.el8_4.9
redhat/grub2<1:2.06-27.el9_0.7
and 39 more
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may...
debian/grub2
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
redhat/grub2<1:2.02-99.el8_4.9
redhat/grub2<1:2.06-27.el9_0.7
and 40 more
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and...
debian/grub2
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
redhat/grub2<1:2.02-99.el8_4.9
redhat/grub2<1:2.06-27.el9_0.7
and 41 more
The GRUB2 upstream version reintroduced CVE-2020-15705 (https://access.redhat.com/security/cve/CVE-2020-15705). This refers to a distro-specific flaw which made it upstream in the mention...
redhat/grub<2.06
Gnu Grub2<2.06
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 c...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific s...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity ...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
A flaw was found in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1kB stack buffer for temporary...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, and the code assumes the USB device is providing sane values. If pro...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leadi...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 15 more
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craf...
redhat/grub<2.06
Gnu Grub2<2.06
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Server Aus=7.2
Redhat Enterprise Linux Server Aus=7.3
and 16 more
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7
redhat/shim<0:15-8.el7
and 63 more
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7_2
redhat/shim<0:15-8.el7
and 65 more
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported direct...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7_2
redhat/shim<0:15-8.el7
and 64 more
There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes in length, but it doesn't verify this before proceeding with buf...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7_2
redhat/shim<0:15-8.el7
and 47 more
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with a name length of UINT32 bytes in size. The name size leads to an arithmetic ove...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7_2
redhat/shim<0:15-8.el7
and 37 more
There is an issue with grub2 before version 2.06 while handling symlinks on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leadi...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7_2
redhat/shim<0:15-8.el7
and 47 more
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations w...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7_2
redhat/shim<0:15-8.el7
and 37 more
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. I...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7_2
redhat/shim<0:15-8.el7
and 41 more
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be tr...
Gnu Grub2
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Eus=8.1