41 matches found
RLSA-2026:4760 Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: Missing...
RLSA-2025:3367 Important: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: net:...
grub2 security update
An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a...
CLSA-2026-1779219098 grub2: Fix of CVE-2023-4692
CVE-2023-4692: fix OOB write when parsing NTFS $ATTRIBUTE_LIST entries...
ROS-20260319-73-0018
A vulnerability in the Grub2 operating system boot loader is related to incorrect buffer size calculation when processing received packets. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260319-73-0019
A vulnerability in the gettext module of the Grub2 operating system boot loader is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260319-73-0015
A vulnerability in the Grub2 operating system boot loader is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service and gain unauthorized access to the system...
ROS-20260319-73-0017
A vulnerability in the normal_exit function of the Grub2 operating system boot loader is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
RHEL 9 : grub2 (RHSA-2026:4823)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4823 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular...
grub2: Missing unregister call for gettext command may lead to use-after-free
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...
Moderate: Red Hat Security Advisory: grub2 security update
An update for grub2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CLSA-2026-1771331675 grub2: Fix of CVE-2025-61662
CVE-2025-61662: fix use-after-free in gettext/gettext due to unregistered gettext command on module unload...
SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2025:4305-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4305-1 advisory. - CVE-2025-54771: Fixed grub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-54770:...
RHEL 10 : grub2 (RHSA-2025:16154)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16154 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modula...
Advisory ROSA-SA-2025-3000
software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-24 affected versions grub2-2.06-24 CVE-ID: CVE-2024-45779 BDU-ID: 2025-03832 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the BFS file system of the Grub2 operating system boot loader is related to reads outside the allowed...
Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
...
Linux Distros Unpatched Vulnerability : CVE-2022-28734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one...
Linux Distros Unpatched Vulnerability : CVE-2020-15705
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel...
GNU GRUB Buffer Overflow Vulnerability (CNVD-2025-17795)
GNU GRUB is a Linux system boot program from the GNU community. A buffer error vulnerability exists in GNU GRUB, which originates in the grub-core/gettext module, where the system does not properly limit the size of the data, and can be exploited by an attacker to run arbitrary code in the contex...
CLSA-2025-1751285777 grub2: Fix of 5 CVEs
CVE-2024-45781: fs/ufs: OOB write in the heap - CVE-2024-45782: fs/hfs: strcpy using the volume name - CVE-2024-56737: fs/hfs: Fix stack OOB write with grub_strcpy() - CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data - CVE-2025-1125: fs/hfs:...