3605 matches found
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. A specially crafted JPEG file can cause the JPEG parser in grub2 to incorrectly check the boundaries of its internal buffers, leading to an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is still a concer...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, resulting in an out-of-bound write. This issue can be exploited by an attacker to overwrite grub2’s sensitive heap data, ultimately allowing th...
Astra Linux – Vulnerability in grub2
When reading the .mo file in grubmofileopen, grub2 fails to verify an integer overflow during the allocation of its internal buffer. A specially crafted .mo file may cause the buffer size calculation to overflow, resulting in out-of-bound reads and writes. This flaw allows an attacker to leak...
June 23, 2026—KB5095093 (OS Builds 26200.8737 and 26100.8737) Preview
June 23, 2026—KB5095093 OS Builds 26200.8737 and 26100.8737 Preview This cumulative update for Windows 11, version 25H2 and 24H2 KB5095093, includes production-quality improvements. Announcements and messages This section provides key notifications related to this release, including...
Astra Linux - Vulnerability in GRUB2
When reading data from disk, GRUB's UDF filesystem module uses the user-controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes that the read size from the disk is always smaller than the allocated buffer size, which...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. When reading data from a jfs filesystem, grub’s jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted filesystem may cause...
Astra Linux – Vulnerability in grub2
A buffer overflow was detected in grubfontconstructglyph. A maliciously crafted pf2 font can cause an overflow when calculating the maxglyphsize value. This results in allocating a buffer that is smaller than necessary for the glyph, leading to another buffer overflow and an out-of-bounds write t...
Astra Linux – Vulnerability in grub2
A carefully crafted JPEG image may cause the JPEG reader to underflow its data pointer, allowing user-controlled data to be written into the heap. For the attack to succeed, the attacker must analyze the heap layout and create an image with malicious format and payloads. This vulnerability can le...
Astra Linux – Vulnerability in grub2
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may exploit this to cause heap data corruption or, ultimately, arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit; an attacker needs to perfo...
Astra Linux – Vulnerability in grub2
The GRUB2’s shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, thereby breaking the secure boot trust-chain...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory. This creates an opportunity to circumvent SecureBoot protections after proper analysis of grub’s memory layout. The...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read without sufficient bounds checking, assuming that the USB device provides valid values. If exploited properly, an attacker could cause memory corruption, leading to arbitrary code...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module that serves as a dependency without checking whether any other dependent modules are still loaded, leading to a “use-after-free” scenario. This could allow arbitrary code to be...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2 in versions prior to 2.06, where it incorrectly enabled the use of the ACPI command when Secure Boot was enabled. This flaw allows an attacker with privileged access to create a Secondary System Description Table SSDT containing code that can overwrite the Linux...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. When performing a symlink lookup from a romfs filesystem, grub’s romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. When reading data from a squash4 filesystem, grub’s squash4 fs module uses user-controlled parameters from the filesystem’s geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted filesystem may cau...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. When performing a symlink lookup from a ReiserFS filesystem, grub’s ReiserFS module uses user-controlled parameters from the filesystem’s geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. When performing a symlink lookup, the grub’s UFS module checks the data size of the inode to allocate an internal buffer to read the file content. However, it fails to check whether the data size of the symlink has exceeded its allocated limit. As a result, the...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1 kB stack buffer for temporary storage. However, there is insufficient bounds checking. If the function is called with a...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. During the network boot process, when attempting to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the length of the...