19 matches found
MiracleLinux 8 : grub2-2.02-78.0.2.el8 (AXSA:2020-283:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-283:03 advisory. grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable CVE-2019-14865 Tenable has extracted the preceding description...
EUVD-2024-16824
Malicious code in bioql PyPI...
EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2024-2471)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with...
EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2024-1799)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with...
EulerOS Virtualization 2.11.0 : grub2 (EulerOS-SA-2024-1726)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a...
grub2: grub2-set-bootflag can be abused by local (pseudo-)users
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not ...
Amazon Linux 2 : grub2 (ALAS-2024-2499)
The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2499 advisory. A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a...
Fedora 39 : grub2 (2024-097eb22907)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-097eb22907 advisory. Security fix for CVE-2024-1048 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
Low: grub2
Issue Overview: A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporar...
Design/Logic Flaw
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not ...
CVE-2024-1048 Grub2: grub2-set-bootflag can be abused by local (pseudo-)users
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not ...
RHEL 8 : grub2 (RHSA-2020:0335)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0335 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular...
Moderate: Red Hat Security Advisory: grub2 security update
An update for grub2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2020-1009)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 30 : 1:grub2 (2019-69da274284)
Drop patch fixing a corner case in BLS variable expansion since it may be causing issues ---- Fix a grub hidden-menu regression and a bug in blscfg variable expansion ---- Security fix for CVE-2019-14865 Note that Tenable Network Security has extracted the preceding description block directly fro...
Oracle Linux 8 : grub2 (ELSA-2019-4869)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4869 advisory. 2.02-78.0.2 - grub-set-bootflag: fix grubenv update method, fix CVE-2019-14865 Orabug: 30607067 Tenable has extracted the preceding description block directly...
grub2 security update
2.02-78.0.2 - grub-set-bootflag: fix grubenv update method, fix CVE-2019-14865 Orabug: 30607067...
Fedora 31 : 1:grub2 (2019-e99ebf23c8)
Fix a grub hidden-menu regression and a bug in blscfg variable expansion ---- Security fix for CVE-2019-14865 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it...
CVE-2019-14865
Concrete details found: CVE-2019-14865 affects grub2, specifically the grub2-set-bootflag utility. Under resource pressure (RLIMIT), this can cause grubenv/grub2 configuration files to be truncated, leaving the system unbootable on subsequent reboots. Affected component: grub2-set-bootflag in gru...