Lucene search

RedhatCVE-2019-14865

HistoryNov 29, 2019 - 10:15 a.m.

CVE-2019-14865

2019-11-2910:15:12

CWE-267

redhat

web.nvd.nist.gov

cve-2019-14865

grub2

resource pressure

local attacker

nvd

system unbootable

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.4

Confidence

High

EPSS

Percentile

5.1%

JSON

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

Affected configurations

Nvd

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_eusMatch8.1

AND

gnugrub2Match-

VendorProductVersionCPE
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus8.1cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
gnugrub2-cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux_eus	8.1	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
gnu	grub2	-	cpe:2.3:a:gnu:grub2:-:::::::*

CNA Affected

[
  {
    "product": "grub2",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]