Linux Distros Unpatched Vulnerability : CVE-2024-2312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to ...

Linux Distros Unpatched Vulnerability : CVE-2020-10713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows...

grub2: out-of-bounds read at fs/ntfs.c

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...

CVE-2021-3695

A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows an attacker to corrupt the data on the heap portion of the grub2's memory, leading to possible code execution and the circumvention of the secure boot mechanism...

USN-4992-1: GRUB 2 vulnerabilities

Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An attacker could use this to bypass UEFI Secure Boot restrictions. CVE-2020-14372 Chris Coulson discovered that the rmmod command in GRUB 2 contained a use-...

Ubuntu 18.04 LTS / 20.04 LTS : GRUB 2 vulnerabilities (USN-4992-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4992-1 advisory. Mt Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An...

NewStart CGSL CORE 5.04 / MAIN 5.04 : fwupdate Vulnerability (NS-SA-2021-0007)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has fwupdate packages installed that are affected by a vulnerability: - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also...

CVE-2020-14372

A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdown variable content direct...

PT-2021-5815

Name of the Vulnerable Software and Affected Versions grub2 versions prior to 2.06 Description A flaw was found in the menu rendering code of grub2, specifically in the Setparam prefix function, which performs a length calculation on the assumption that expressing a quoted single quote will requi...

CVE-2020-10713

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

CVE-2020-10713

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

GRUB 2 password bypass

Error in password protection allows to boot system by guessing first character of the password...

[USN-868-1] GRUB 2 vulnerability

=========================================================== Ubuntu Security Notice USN-868-1 December 09, 2009 grub2 vulnerability CVE-2009-4128 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 This advisory also appli...

USN-868-1: GRUB 2 vulnerability

It was discovered that GRUB 2 did not properly validate passwords. An attacker with physical access could conduct a brute force attack and bypass authentication by submitting a 1 character password...

CVE-2009-4128

GNU GRand Unified Bootloader GRUB 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1...