Astra Linux – Vulnerability in grub2

A vulnerability has been identified in the GRUB2 bootloader’s normal command, posing an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused by the fact that the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this...

Astra Linux - уязвимость в grub2

A out-of-bounds read flaw was discovered in Grub2’s NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack can result in sensitive data cached in memory or EFI variabl...

[SECURITY] Fedora 44 Update: grub2-breeze-theme-6.6.4-1.fc44

Breeze theme for GRUB...

Advisory ROSA-SA-2026-3226

software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-26 affected versions grub2-2.06-26 CVE-ID: CVE-2025-61662 BDU-ID: 2025-14786 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the gettext module of the Grub2 operating systems boot loader is related to the ability to use memory...

grub2: Missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

EulerOS Virtualization 2.12.0 : grub2 (EulerOS-SA-2026-1486)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the...

grub2: Missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

Moderate: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

grub2: Missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

Moderate: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System...

EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2026-1337)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command...

EulerOS Virtualization 2.10.1 : grub2 (EulerOS-SA-2026-1535)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the...

EulerOS 2.0 SP13 : grub2 (EulerOS-SA-2026-1222)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string...

OESA-2026-1071 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the...

MiracleLinux 7 : grub2-2.02-0.29.0.1.el7.AXS7 (AXSA:2015-830:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-830:02 advisory. The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It support rich varietyof kernel formats, fi...

Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2025-1342)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1342 advisory. A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the...

Medium: grub2

Issue Overview: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the netsetvlan command is not properly unregistered when the network module is unloaded from memory...

OESA-2025-2795 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free...

CVE-2025-59699

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader...

CVE-2025-59699

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader...