23 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. A specially crafted JPEG file can cause the JPEG parser in grub2 to incorrectly check the boundaries of its internal buffers, leading to an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is still a concer...

CVSS 6.7 | AI score 6.4 | EPSS 0.00243
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/06 12:0 a.m. | 8 views

EulerOS Virtualization 2.13.0 : grub2 (EulerOS-SA-2026-2169)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closin...

CVSS 4.9 | AI score 5.5 | EPSS 0.00127
Exploits: 0 | References: 2

OpenVAS
added 2026/02/02 12:0 a.m. | 2 views

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2026-1170)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.8 | AI score 5.4 | EPSS 0.01373
Exploits: 1 | References: 2

OSV
added 2025/11/18 7:15 p.m. | 5 views

AZL-70523 CVE-2025-61663 affecting package grub2 for versions less than 2.06-16

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this comman...

CVSS 4.9 | AI score 5.7 | EPSS 0.00112
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-3775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. ...

CVSS 7.1 | AI score 8.1 | EPSS 0.00872
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/16 12:0 a.m. | 3 views

SUSE SLED15: grub2 / grub2-arm64-efi / grub2-i386-pc / grub2-powerpc-ieee1275 / etc (SUSE-SU-2025:02813-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02813-1 advisory. - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Other...

CVSS 5.3 | AI score 6.9 | EPSS 0.00383
Exploits: 0 | References: 7

Tenable Nessus
added 2025/08/14 12:0 a.m. | 3 views

EulerOS 2.0 SP13 : grub2 (EulerOS-SA-2025-1976)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. (CVE-2024-49504) Tenable has extracted the preceding...

CVSS 7 | AI score 7.7 | EPSS 0.00328
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/13 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : grub2 (EulerOS-SA-2025-1990)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. (CVE-2024-49504) Tenable has extracted the preceding...

CVSS 7 | AI score 7.7 | EPSS 0.00328
Exploits: 0 | References: 2

OpenVAS
added 2025/08/12 12:0 a.m. | 2 views

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2025-1990)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7 | AI score 7.5 | EPSS 0.00328
Exploits: 0 | References: 2

AstraLinux
added 2025/06/16 11:28 a.m. | 7 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When performing a symlink lookup from a romfs filesystem, grub’s romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted...

CVSS 6.4 | AI score 7.2 | EPSS 0.00255
Exploits: 0 | References: 3

RedHat Linux
added 2025/03/10 3:23 p.m. | 3 views

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length...

CVSS 7.6 | AI score 8 | EPSS 0.01373
Exploits: 0 | References: 4

BDU FSTEC
added 2025/03/04 12:0 a.m. | 4 views

The vulnerability of the grub_mofile_open() function for the .mo file of the Grub2 operating system allows a hacker to circumvent existing security restrictions and expose protected information.

The vulnerability of the grub_mofile_open() function for the .mo file of the Grub2 operating system is related to reading beyond the buffer limit in memory. Exploiting this vulnerability could allow an attacker to bypass existing security restrictions and disclose sensitive information...

CVSS 6.8 | AI score 6.8 | EPSS 0.00234
Exploits: 0 | References: 11 | Affected Software: 14

BDU FSTEC
added 2025/02/28 12:0 a.m. | 5 views

The vulnerability of the grub_extcmd_dispatcher() function of the Grub2 operating system allows a hacker to cause a service failure.

The vulnerability of the grub_extcmd_dispatcher() function of the Grub2 operating system is related to an improper check of the returned value from the function. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.2 | AI score 6.4 | EPSS 0.00203
Exploits: 0 | References: 11 | Affected Software: 6

OSV
added 2025/02/19 7:15 p.m. | 4 views

AZL-57049 CVE-2025-0624 affecting package grub2 for versions less than 2.06-24

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length...

CVSS 7.6 | AI score 7.6 | EPSS 0.01373
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 5:12 a.m. | 2 views

SUSE CVE-2015-8370

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2)...

CVSS 7.4 | AI score 7 | EPSS 0.01104
Exploits: 1 | References: 10

OSV
added 2021/03/03 5:15 p.m. | 3 views

DEBIAN-CVE-2020-27749

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that...

CVSS 6.7 | AI score 7.1 | EPSS 0.00573
Exploits: 0 | References: 1

OSV
added 2021/03/03 5:15 p.m. | 5 views

AZL-6460 CVE-2020-14372 affecting package grub2 for versions less than 2.06~rc1-7

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdow...

CVSS 7.5 | AI score 6.8 | EPSS 0.01738
Exploits: 0 | References: 1

OSV
added 2021/03/03 5:15 p.m. | 4 views

ALPINE-CVE-2020-14372

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdow...

CVSS 7.5 | AI score 6.6 | EPSS 0.01738
Exploits: 0 | References: 1

CNNVD
added 2021/03/03 12:0 a.m. | 4 views

grub2 security vulnerability

grub2 is a Linux system boot program from the GNU community. A security vulnerability exists in versions of grub2 prior to 2.06 where it incorrectly enables the ACPI command when enabling secure boot. The vulnerability allows an attacker with privileged access to create an auxiliary system...

CVSS 7.5 | AI score 5.8 | EPSS 0.01738
Exploits: 0 | References: 34

CNNVD
added 2021/03/03 12:0 a.m. | 4 views

grub2 security vulnerability

grub2 is a Linux system boot program from the GNU community. GRUB2 has a security vulnerability that allows grub to be booted directly if a certificate signing grub is installed into the db. It can then boot any kernel without signature verification...

CVSS 6.4 | AI score 6.9 | EPSS 0.00466
Exploits: 0 | References: 6