CVSS3: 8.2 High (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.002 Low
Percentile: 60.5%

A vulnerability in the grub_script_function_create() function of the Grub configuration file is related to a function override error that occurs while the function is already being executed. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service.
A vulnerability in the cutmem command of the Grub configuration file is related to authorization. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
A vulnerability in the Grub configuration file is related to a data buffer overrun. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
A vulnerability in the Grub configuration file is related to incorrect restriction of the use of ACPI commands when Secure Boot is enabled. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
A vulnerability of the Linux kernel during direct boot in Secure Boot mode without the shim layer is related to the fact that the vulnerable software cannot verify the kernel signature when booting directly without shim. Exploitation of the vulnerability could allow an attacker to bypass Secure Boot.
A vulnerability in the read_section_as_string() function of the Grub configuration file is related to an operation exceeding the bounds of a data buffer, because the maximum length is expected to be UINT32_MAX - 1 bytes. Exploitation of the vulnerability allows an attacker to violate data integrity and cause a denial of service.
A vulnerability in the grub_cmd_initrd and grub_initrd_init functions of the Grub configuration file is related to a large number of file system arguments passed to the initrd command on 32-bit architectures. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
A vulnerability in the Grub configuration file is related to a lack of validation of data received from a USB device. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
A vulnerability in the grub.cfg configuration file of the Grub2 operating system boot loader is related to errors in the neutralization of special elements. Exploitation of the vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service.
A vulnerability in the implementation of the dynamic memory allocation function of the Grub2 operating system boot loader is related to an integer overflow. Exploitation of the vulnerability could allow an attacker to affect the integrity, confidentiality and availability of information.
A vulnerability in the Grub configuration file is related to an integer overflow of a UINT32 value. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service.
A vulnerability in the setparam_prefix() function of the Grub configuration file is related to errors in the calculation of output data. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
A vulnerability in the Grub configuration file is related to a symlink error on external file systems. Exploitation of the vulnerability allows an attacker to compromise data integrity and cause a denial of service.
A vulnerability in functions of the Grub configuration file is related to a lack of output data verification when calling a function. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
A vulnerability in the GRUB loader is related to the fact that if certificates signed by GRUB2 are installed in db, GRUB2 can be loaded directly and can then load any kernel without signature verification. Exploitation of the vulnerability could allow an attacker to boot a kernel that runs in Secure Boot mode and applies lockdown even though it may have been modified.
A vulnerability in the rmmod implementation of the Grub configuration file is related to the lack of a check for the presence of loaded modules. Exploitation of the vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | grub2-common | <= 2.06-55 | UNKNOWN |