
1779 matches found

OSV
added 2020/08/13 3:15 a.m., 1 views

CVE-2020-8710

Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access...

6.7 CVSS, 6.7 AI score
Exploits 0, References 2

OSV
added 2020/08/13 3:15 a.m., 1 views

CVE-2020-8711

Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access...

6.7 CVSS, 6.6 AI score, 0.00056 EPSS
Exploits 0, References 2

Prion
added 2020/08/13 3:15 a.m., 10 views

Improper access control

Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access...

4.6 CVSS, 6.7 AI score, 0.00056 EPSS
Exploits 0, References 2, Affected Software 18

OSV
added 2020/08/04 11:54 p.m., 3 views

USN-4432-2 grub2, grub2-signed regression

USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), preventing them from successfully booting. This update addresses the issue. Users with BIOS syste...

6.5 AI score
Exploits 0, References 2

Cisco
added 2020/08/04 11:00 p.m., 42 views

GRUB2 Arbitrary Code Execution Vulnerability

On July 29, 2020, a research paper titled “There’s a Hole in the Boot” was made publicly available. This paper discusses a vulnerability discovered in the GRand Unified Bootloader version 2 (GRUB2) bootloader that may allow an attacker to execute arbitrary code at system boot time. The vulnerabilit...

8.2 CVSS, 8.6 AI score, 0.00369 EPSS
Exploits 0, References 1

RedHat Linux
added 2020/08/03 12:15 p.m., 0 views

grub2: Use-after-free redefining a function whilst the same function is already executing

GRUB2 contains a race condition in grub_script_function_create leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2...

6.4 CVSS, 7.7 AI score, 0.00044 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/08/03 12:15 p.m., 2 views

grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow

A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...

6 CVSS, 7.6 AI score, 0.00032 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/08/03 12:06 p.m., 2 views

grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2 CVSS, 7.9 AI score, 0.00369 EPSS
Exploits 0, References 8

RedHat Linux
added 2020/08/03 11:18 a.m., 2 views

grub2: Use-after-free redefining a function whilst the same function is already executing

GRUB2 contains a race condition in grub_script_function_create leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2...

6.4 CVSS, 7.7 AI score, 0.00044 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/08/03 10:59 a.m., 1 views

grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2 CVSS, 7.9 AI score, 0.00369 EPSS
Exploits 0, References 8

RedHat Linux
added 2020/08/03 10:59 a.m., 133 views

Moderate: Red Hat Security Advisory: grub2 security and bug fix update

An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

8.2 CVSS, 7.7 AI score, 0.00369 EPSS
Exploits 0, References 10

CheckPoint Security
added 2020/08/03 12:00 a.m., 32 views

Check Point Response to CVE-2020-10713 - GRUB2 bootloader is vulnerable to buffer overflow

Symptoms - CVE-2020-10713 states: "The GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled." For more information, refer to https://www.kb.cert.org/vuls/id/174059. Solution Gaia OS versions R81.10...

8.2 CVSS, 7.9 AI score, 0.00369 EPSS
Exploits 0

CNVD
added 2020/08/03 12:00 a.m., 1 views

Grub2 Input Validation Error Vulnerability

grub2 is a Linux system bootloader from the GNU Project. An input validation error vulnerability exists in grub2 versions prior to 2.06. The vulnerability originates from a networked system or product that does not properly validate incoming data. No details of the vulnerability are provided at...

8.2 CVSS, 9.2 AI score, 0.00369 EPSS
Exploits 1, References 1

BDU FSTEC
added 2020/07/31 12:00 a.m., 1 views

The vulnerability of the Grub.cfg configuration file of Grub2 operating system loaders, related to memory buffer overflow, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Grub.cfg configuration file of Grub2 operating systems is related to errors in eliminating certain elements. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...

7.3 CVSS, 7.2 AI score, 0.00369 EPSS
Exploits 0, References 17, Affected Software 13

OSV
added 2020/07/30 1:15 p.m., 1 views

ALPINE-CVE-2020-10713

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2 CVSS, 7.7 AI score, 0.00369 EPSS
Exploits 0, References 1

RedHat Linux
added 2020/07/29 7:42 p.m., 1 views

grub2: Use-after-free redefining a function whilst the same function is already executing

GRUB2 contains a race condition in grub_script_function_create leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2...

6.4 CVSS, 7.7 AI score, 0.00044 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/07/29 7:42 p.m., 2 views

grub2: Fail kernel validation without shim protocol

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim...

6.4 CVSS, 7 AI score, 0.00024 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/07/29 7:42 p.m., 364 views

Moderate: Red Hat Security Advisory: grub2 security and bug fix update

An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

8.2 CVSS, 7.7 AI score, 0.00369 EPSS
Exploits 1, References 13

RedHat Linux
added 2020/07/29 7:40 p.m., 0 views

grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow

A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...

6 CVSS, 7.6 AI score, 0.00032 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/07/29 7:40 p.m., 1 views

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely...

6.4 CVSS, 7.9 AI score, 0.00031 EPSS
Exploits 1, References 4