Lucene search

AmazonALAS-2024-2499

HistoryMar 13, 2024 - 8:26 p.m.

Low: grub2

2024-03-1320:26:00

alas.aws.amazon.com

grub2

filesystem

cve-2024-1048

update

amazon linux 2

red hat

mitre

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0005 Low

EPSS

Percentile

15.3%

JSON

Issue Overview:

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks. (CVE-2024-1048)

Affected Packages:

grub2

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update grub2 to update your system.

New Packages:

aarch64:  
    grub2-2.06-14.amzn2.0.3.aarch64  
    grub2-tools-2.06-14.amzn2.0.3.aarch64  
    grub2-tools-minimal-2.06-14.amzn2.0.3.aarch64  
    grub2-tools-extra-2.06-14.amzn2.0.3.aarch64  
    grub2-efi-aa64-2.06-14.amzn2.0.3.aarch64  
    grub2-efi-aa64-ec2-2.06-14.amzn2.0.3.aarch64  
    grub2-efi-aa64-cdboot-2.06-14.amzn2.0.3.aarch64  
    grub2-emu-2.06-14.amzn2.0.3.aarch64  
    grub2-emu-modules-2.06-14.amzn2.0.3.aarch64  
    grub2-debuginfo-2.06-14.amzn2.0.3.aarch64  
  
noarch:  
    grub2-common-2.06-14.amzn2.0.3.noarch  
    grub2-efi-x64-modules-2.06-14.amzn2.0.3.noarch  
    grub2-pc-modules-2.06-14.amzn2.0.3.noarch  
    grub2-efi-aa64-modules-2.06-14.amzn2.0.3.noarch  
  
src:  
    grub2-2.06-14.amzn2.0.3.src  
  
x86_64:  
    grub2-2.06-14.amzn2.0.3.x86_64  
    grub2-tools-2.06-14.amzn2.0.3.x86_64  
    grub2-tools-efi-2.06-14.amzn2.0.3.x86_64  
    grub2-tools-minimal-2.06-14.amzn2.0.3.x86_64  
    grub2-tools-extra-2.06-14.amzn2.0.3.x86_64  
    grub2-efi-x64-2.06-14.amzn2.0.3.x86_64  
    grub2-efi-x64-ec2-2.06-14.amzn2.0.3.x86_64  
    grub2-efi-x64-cdboot-2.06-14.amzn2.0.3.x86_64  
    grub2-pc-2.06-14.amzn2.0.3.x86_64  
    grub2-emu-2.06-14.amzn2.0.3.x86_64  
    grub2-emu-modules-2.06-14.amzn2.0.3.x86_64  
    grub2-debuginfo-2.06-14.amzn2.0.3.x86_64

Additional References

Red Hat: CVE-2024-1048

Mitre: CVE-2024-1048

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64grub2< 2.06-14.amzn2.0.3grub2-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64grub2-tools< 2.06-14.amzn2.0.3grub2-tools-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64grub2-tools-minimal< 2.06-14.amzn2.0.3grub2-tools-minimal-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64grub2-tools-extra< 2.06-14.amzn2.0.3grub2-tools-extra-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64grub2-efi-aa64< 2.06-14.amzn2.0.3grub2-efi-aa64-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64grub2-efi-aa64-ec2< 2.06-14.amzn2.0.3grub2-efi-aa64-ec2-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64grub2-efi-aa64-cdboot< 2.06-14.amzn2.0.3grub2-efi-aa64-cdboot-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64grub2-emu< 2.06-14.amzn2.0.3grub2-emu-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64grub2-emu-modules< 2.06-14.amzn2.0.3grub2-emu-modules-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64grub2-debuginfo< 2.06-14.amzn2.0.3grub2-debuginfo-2.06-14.amzn2.0.3.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	aarch64	grub2	< 2.06-14.amzn2.0.3	grub2-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux	2	aarch64	grub2-tools	< 2.06-14.amzn2.0.3	grub2-tools-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux	2	aarch64	grub2-tools-minimal	< 2.06-14.amzn2.0.3	grub2-tools-minimal-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux	2	aarch64	grub2-tools-extra	< 2.06-14.amzn2.0.3	grub2-tools-extra-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux	2	aarch64	grub2-efi-aa64	< 2.06-14.amzn2.0.3	grub2-efi-aa64-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux	2	aarch64	grub2-efi-aa64-ec2	< 2.06-14.amzn2.0.3	grub2-efi-aa64-ec2-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux	2	aarch64	grub2-efi-aa64-cdboot	< 2.06-14.amzn2.0.3	grub2-efi-aa64-cdboot-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux	2	aarch64	grub2-emu	< 2.06-14.amzn2.0.3	grub2-emu-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux	2	aarch64	grub2-emu-modules	< 2.06-14.amzn2.0.3	grub2-emu-modules-2.06-14.amzn2.0.3.aarch64.rpm
Amazon Linux	2	aarch64	grub2-debuginfo	< 2.06-14.amzn2.0.3	grub2-debuginfo-2.06-14.amzn2.0.3.aarch64.rpm