CVE-2026-25828
grub-btrfs through 2026-01-31 on Arch Linux and derivative distributions allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device. NOTE: a third party reports "exploitation may not be feasible under normal conditions and may depend on specific...
CVE-2026-25828
CVE-2026-25828 affects grub-btrfs up to 2026-01-31 on Arch Linux and derivatives. The initramfs hook grub-btrfs-overlayfs passes the kernel parameter $root to resolve_device() without sanitization, enabling potential initramfs command execution as root during boot. The issue is rooted in not sani...