EUVD-2020-6512

Malware in sbrugna...

RHEL 8 : fwupdate (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grub2: Use-after-free in rmmod command CVE-2020-25632 - grub2: Out-of-bounds write in...

RHEL 8 : grub2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grub2: Use-after-free in rmmod command CVE-2020-25632 - grub2: Out-of-bounds write in...

Rocky Linux 8 : shim (RLSA-2021:1734)

The remote Rocky Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2021:1734 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

Rocky Linux 8 : fwupd (RLSA-2021:2566)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2566 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

AlmaLinux 8 : fwupd (ALSA-2021:2566)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:2566 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2021-0133)

The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an...

grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled

A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdown variable content direct...

Amazon Linux 2 : grub2 (ALAS-2021-1684)

The version of grub2 installed on the remote host is prior to 2.06-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1684 advisory. 2024-02-29: CVE-2019-14865 was added to this advisory. A flaw was found in the grub2-set-bootflag utility of grub2. A local...

EulerOS 2.0 SP5 : grub2 (EulerOS-SA-2021-2218)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to...

Updated grub2 packages fix security vulnerabilities

All CVEs below are against the SecureBoot functionality in GRUB2. We do not ship this as part of Mageia. Therefore, we ship an updated grub2 package to 2.06 for Mageia 8 fixing upstream bugfixes. A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and...

CentOS 8 : fwupd (CESA-2021:2566)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:2566 advisory. - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled CVE-2020-14372 - grub2: Use-after-free in rmmod...

Ubuntu 18.04 LTS / 20.04 LTS : GRUB 2 vulnerabilities (USN-4992-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4992-1 advisory. Mt Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An...

SUSE SLES11 Security Update : grub2 (SUSE-SU-2021:14659-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14659-1 advisory. - The grubext2readblock function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote...

EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2021-1948)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to...

grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled

A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdown variable content direct...

EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2021-1875)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06. Setparamprefix in the menu rendering code performs a length calculation on the assumption th...

EulerOS 2.0 SP3 : grub2 (EulerOS-SA-2021-1794)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This...

grub2 code execution vulnerability

grub2 is a Linux system boot program from the GNU community. A security vulnerability exists in versions of grub2 prior to 2.06 where it incorrectly enables the ACPI command when enabling secure boot. The vulnerability allows an attacker with privileged access to create an auxiliary system...

Oracle Linux 8 : grub2 (ELSA-2021-0696)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0696 advisory. - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 Tenable has extracted the preceding description block directly from the Oracle Linux...