Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The option parser allows an attacker to overwrite a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The greatest threat from this vulnerability is to data confidentiality and...

RockyLinux 8 : grub2 (RLSA-2025:3367)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3367 advisory. grub2: net: Out-of-bounds write in grubnetsearchconfigfile CVE-2025-0624 Tenable has extracted the preceding description block directly from the RockyLinux securi...

Astra Linux – Vulnerability in grub2

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the process that closes files improperly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause th...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017478 advisory. A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, usi...

EulerOS 2.0 SP13 : grub2 (EulerOS-SA-2026-1241)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process...

SUSE CVE-2025-54771

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

DEBIAN-CVE-2025-61662

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

UBUNTU-CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

CVE-2025-54771 Grub2: use-after-free in grub_file_close()

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

Linux Distros Unpatched Vulnerability : CVE-2025-61661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when...

PT-2025-47379

Name of the Vulnerable Software and Affected Versions GRUB affected versions not specified Description A flaw exists in the GRUB bootloader due to improper handling of string conversion when processing information from a USB device. Specifically, the bootloader is susceptible to inconsistent leng...

EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2025-2227)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks.CVE-2024-56738...

EUVD-2017-18693

Malware in sbrugna...

EUVD-2024-53381

Malicious code in bioql PyPI...

EUVD-2025-5590

Malicious code in bioql PyPI...

EUVD-2025-5580

Malicious code in bioql PyPI...

RLSA-2025:16154 Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2025-2070)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks.CVE-2024-56738...

Linux Distros Unpatched Vulnerability : CVE-2020-15706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GRUB2 contains a race condition in grubscriptfunctioncreate leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the...