311 matches found
RockyLinux 8 : grub2 (RLSA-2026:4648)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:4648 advisory. grub2: Missing unregister call for gettext command may lead to use-after-free CVE-2025-61662 Tenable has extracted the preceding description block directly from t...
grub2 security update
An update is available for grub2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a...
grub2 security update
An update is available for grub2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2 in versions prior to 2.06, where it incorrectly enabled the use of the ACPI command when Secure Boot was enabled. This flaw allows an attacker with privileged access to create a Secondary System Description Table SSDT containing code that can overwrite the Linux...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2. A specially crafted JPEG file can cause the JPEG parser in grub2 to incorrectly check the boundaries of its internal buffers, leading to an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is still a concer...
Astra Linux - уязвимость в grub2
A flaw was discovered in the HFS filesystem. When reading the name of an HFS volume during the grubfsmount function, the HFS filesystem driver uses the user-provided volume name as input without properly verifying the length of that name. This issue may lead to a heap-based out-of-bounds write...
Astra Linux - уязвимость в grub2
Out-of-bounds write when handling split HTTP headers: When dealing with split HTTP headers, GRUB2’s HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write during the parsing of the HTTP request, resulting in writing a NULL byte beyond...
SUSE-SU-2026:21621-1 Security update for grub2
This update for grub2 fixes the following issues - CVE-2025-54770: Missing unregister call for netsetvlan command may lead to use-after-free bsc1252930. - CVE-2025-54771: grubfileclose does not properly controls the fs refcount bsc1252931. - CVE-2025-61661: Out-of-bounds write in grubusbgetstring...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017467)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017467 advisory. A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain command...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017485)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017485 advisory. A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2. When performing a symlink lookup from a romfs filesystem, grub’s romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted...
Astra Linux - уязвимость в grub2
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...
Astra Linux - уязвимость в grub2
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2. The dump command of grub is not blocked when grub is in lockdown mode, which allows the user to read any memory information. An attacker could exploit this vulnerability to extract signatures, salts, and other sensitive information from the memory...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2, where its configuration file, known as grub.cfg, is created with the wrong permission set, allowing non-privileged users to read its contents. This represents a minor confidentiality issue, as those users could potentially access any encrypted passwords contained i...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2. When reading data from a squash4 filesystem, grub’s squash4 fs module uses user-controlled parameters from the filesystem’s geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted filesystem may cau...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2. When reading the name of a symbolic link from a UFS filesystem, grub2 fails to validate the string length provided as input. This lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and potentially allowing an attacker to...
Astra Linux - уязвимость в grub2
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution...
Astra Linux - уязвимость в grub2
An integer overflow flaw was discovered in the BFS file system driver within grub2. When reading a file using an indirect extent map, grub2 fails to validate the number of extent entries to be read. A maliciously crafted or corrupted BFS file system may cause an integer overflow during file...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2. When performing a symlink lookup, the grub’s UFS module checks the data size of the inode to allocate an internal buffer to read the file content. However, it fails to check whether the data size of the symlink has exceeded its allocated limit. As a result, the...