48 matches found
CVE-2022-28736
CVE-2022-28736 describes a use-after-free in grub_cmd_chainloader() that is triggered when the chainloader command is executed more than once. The impact, as stated in the sources, includes exposure of sensitive data and potential arbitrary code execution with local access. Multiple advisories me...
CVE-2022-28733
CVE-2022-28733 is a real grub2 vulnerability: an integer underflow in grub_net_recv_ip4_packets when processing IPv4 packets can cause a small rsm->total_len to wrap, potentially triggering a write past the end of a memory buffer. Public advisories (Debian DSA, Red Hat/NVD references) and vend...
CVE-2022-2601
The CVE-2022-2601 issue is a vulnerability in grub2’s font rendering path: a crafted pf2 font causes an overflow in grub_font_construct_glyph(), which can allocate too small a buffer for a glyph and trigger a heap-based out-of-bounds write. This vulnerability can be exploited to bypass Secure Boo...
CVE-2020-10713
CVE-2020-10713 affects GRUB2 prior to 2.06. The flaw allows an attacker to hijack/tamper with the GRUB verification process and bypass Secure Boot, enabling arbitrary code execution during boot when a crafted grub.cfg is processed. Exploitation requires local access or access to modify boot/network se...
CVE-2022-3775
CVE-2022-3775 affects grub2 font rendering (grub_font_construct_glyph). The issue arises when rendering certain unicode sequences: the code does not adequately validate the glyph width/height against the bitmap, causing an out-of-bounds write to grub2 heap, leading to memory corruption and potent...
CVE-2022-28734
CVE-2022-28734 is an out-of-bounds write in grub2 related to handling split HTTP headers. The root cause is that grub2’s HTTP parsing moves an internal buffer pointer by one position when processing split headers, which can lead to writing a NULL byte past the buffer and corrupt memory metadata. ...
CVE-2022-28735
The CVE-2022-28735 entry describes a vulnerability in GRUB2 where the shim_lock verifier allows loading non-kernel files on shim-powered secure boot systems, potentially breaking the secure boot trust-chain by loading unverified code or modules. Connected advisories (e.g., CBLMARINER entries for ...
CVE-2023-4692
Concretely documented: CVE-2023-4692 is an out-of-bounds write in grub2’s NTFS driver that can corrupt heap metadata, potentially enabling arbitrary code execution and secure-boot protection bypass. Several connected advisories (e.g., CBL-Mariner) note that a patched grub2 is available; affected ...
CVE-2023-4693
CVE-2023-4693: Out-of-bounds read in grub2’s NTFS filesystem driver can allow a physically present attacker to feed a crafted NTFS image and read arbitrary memory locations, leaking data such as memory contents or EFI variables. Connected advisories confirm the same CVE and identify a related wr...
CVE-2020-25647
CVE-2020-25647 affects grub2 prior to 2.06. During USB device initialization, grub_usb_device_initialize() reads USB descriptors with very limited bounds checking, assuming sane device values. This can trigger memory corruption and lead to arbitrary code execution, bypassing Secure Boot. Reported...
CVE-2021-20233
CVE-2021-20233 affects GRUB2 prior to 2.06. The issue lies in Setparam_prefix() in the menu rendering code, which miscomputes the length required to represent a quoted single quote, underestimating by one byte per quote and enabling memory corruption. Impact areas include data confidentiality, in...
CVE-2020-25632
GRUB2 CVE-2020-25632 affects grub2 versions before 2.06. The vulnerability lies in the rmmod implementation, which can unload a dependency module without ensuring other dependents are unloaded, causing use-after-free. This can lead to arbitrary code execution or bypass of Secure Boot protections,...
CVE-2020-15707
CVE-2020-15707 is a GRUB2 bootloader vulnerability (initrd size handling) causing a heap-based buffer overflow via integer overflow in initrd processing. The flaw affects GRUB2 2.04 and earlier as deployed in multiple distros (Debian, Red Hat, Ubuntu) and can enable arbitrary code execution durin...
CVE-2020-27779
The CVE-2020-27779 issue affects grub2 prior to 2.06. The cutmem command does not honor Secure Boot locking, enabling a local attacker with privilege to remove memory address ranges and potentially bypass Secure Boot protections. Impact includes data confidentiality, integrity, and avail...
CVE-2020-15706
CVE-2020-15706 affects GRUB2 (2.04 and earlier) and is a race-condition/use-after-free in grub_script_function_create() triggered by redefining a function during execution, leading to arbitrary code execution and Secure Boot restriction bypass. Remediation is to upgrade to patched GRUB2 packages ...
CVE-2020-27749
CVE-2020-27749 affects grub2, with the vulnerability in grub_parser_split_cmdline() where variable names in the command line are expanded into contents using a 1 KB stack buffer without sufficient bounds checking. This can overflow the stack and corrupt the stack frame, potentially allowing code ...
CVE-2020-14372
Summary: CVE-2020-14372 affects grub2 prior to version 2.06. The flaw enables the use of the ACPI command when Secure Boot is enabled, allowing a privileged attacker to craft an SSDT that overwrites the Linux kernel lockdown state in memory. The loaded SSDT is executed by the kernel, defeating Se...
CVE-2020-15705
GRUB2 ≤ 2.04 fails to validate kernel signatures when booting directly without shim, allowing Secure Boot bypass if the kernel signing certificate is in the Secure Boot DB. The issue affects GRUB2 2.04 and earlier; upgrades to patched grub2/shim combinations are advised (e.g., 2.06+ and related s...
CVE-2021-20225
CVE-2021-20225 affects grub2 up to version 2.06, with a heap out-of-bounds write in the short-form option parser. A local attacker could exploit this by supplying a large number of short option forms, potentially impacting data confidentiality, integrity, and availability. Public advisories and v...
CVE-2020-14311
CVE-2020-14311 affects grub2 up to version 2.06 where handling of symlinks on ext filesystems can trigger an arithmetic overflow when a filesystem contains a symbolic link with an inode size of UINT32_MAX. This overflow leads to a zero-sized memory allocation and a subsequent heap-based buffer ov...
CVE-2015-8370
GRUB2 vulnerability CVE-2015-8370 affects Grub2 1.98–2.02 and allows a local, physically proximate attacker to bypass authentication and potentially access sensitive data or cause denial of service via crafted backspace input in grub_username_get (grub-core/normal/auth.c) and grub_password_get (l...
CVE-2020-14308
The CVE-2020-14308 issue affects grub2 prior to version 2.06, where the grub memory allocator does not validate arithmetic overflow in the requested allocation size. This can cause invalid memory allocations, with potential integrity, confidentiality, and availability impacts during the boot proc...
CVE-2020-14310
CVE-2020-14310 affects grub2 prior to version 2.06. The issue is in read_section_as_string(): a font name of length UINT32_MAX may trigger arithmetic overflow, causing zero-size allocation and a subsequent heap-based buffer overflow. This requires a crafted malicious font file and is a local impa...
CVE-2020-14309
GRUB2 CVE-2020-14309 affects grub2
CVE-2021-3981
CVE-2021-3981: GRUB2 grub.cfg permission issue. Affected: grub2 (2.06 and earlier). Root cause: configuration file grub.cfg created with insecure permissions, enabling non-privileged users to read contents (confidentiality impact). Impact: low severity per description; reads of encrypted passwo...
CVE-2019-14865
Concrete details found: CVE-2019-14865 affects grub2, specifically the grub2-set-bootflag utility. Under resource pressure (RLIMIT), this can cause grubenv/grub2 configuration files to be truncated, leaving the system unbootable on subsequent reboots. Affected component: grub2-set-bootflag in gru...
CVE-2021-3695
CVE-2021-3695 affects grub2. A crafted 16-bit grayscale PNG image can cause an out-of-bounds write in grub2 heap, leading to heap data corruption and potentially arbitrary code execution, bypassing secure boot protections. The vulnerability requires heap-layout triage and the written values are r...
CVE-2021-3697
CVE-2021-3697 is a grub2 JPEG handling vulnerability where a crafted JPEG image may cause a heap underflow in the JPEG reader, enabling data corruption and potentially code execution or secure-boot circumvention. It affects grub2 versions prior to the fixed release (notably legacy references to ...
CVE-2021-3696
CVE-2021-3696 is a heap out-of-bounds write during Huffman table handling in grub2’s PNG reader, causing potential heap corruption. Affected: grub2 before patch grub-2.12; implications listed as Low/Low/Low in some sources, with potential for data corruption and, in theory, arbitrary code execution ...
CVE-2024-1048
CVE-2024-1048 - A grub2 flaw in the grub2-set-bootflag utility causes the program to write the new grubenv to a temporary file and rename it over the original grubenv. If the process is terminated before the atomic rename, the temporary file may not be removed, potentially accumulating files acro...
CVE-2021-3418
CVE-2021-3418 affects GRUB2 where, if certificates that sign GRUB are installed into the database, GRUB can boot any kernel without signature validation. The booted kernel may believe it is in Secure Boot lockdown, potentially allowing tampering. Affected: GRUB2 before 2.06 (including upstream an...
CVE-2023-4001
CVE-2023-4001 affects GRUB2 on certain downstream Red Hat patches where an attacker with physical access can bypass GRUB password protection by using a removable drive with a duplicate UUID to locate the config file containing the password hash. The issue was introduced in a downstream patch (not...
CVE-2024-56737
The CVE-2024-56737 issue affects GNU GRUB (GRUB2) up to version 2.12, with a heap-based buffer overflow in fs/hfs.c triggered by crafted sblock data on an HFS filesystem. Connected advisories reiterate the flaw in grub2 and reference patched packages across platforms (e.g., grub2 2.06-14/61 notes in...
CVE-2025-0678
The CVE-2025-0678 entry describes a grub2 squash4 filesystem flaw where integer overflow in buffer size calculations leads to grub_malloc() under-allocating and a heap-based out-of-bounds write during direct_read(), potentially allowing arbitrary code execution and bypass of secure boot. Connecte...
CVE-2024-45777
CVE-2024-45777 is a GRUB2 flaw where reading a language .mo file can overflow the translation buffer in grub_gettext_getstr_from_position(), causing an out-of-bounds write and potential circumvention of secure boot. Connected advisories confirm patched GRUB2 packages and versions: AlmaLinux 2025/...
CVE-2025-0684
CVE-2025-0684: grub2 (reiserfs) heap-based OOB write. Affects grub2’s reiserfs filesystem driver. The vulnerability arises during symlink lookups where the driver uses user-controlled filesystem geometry to size internal buffers and fails to properly guard for integer overflow. This can cause buf...
CVE-2021-46705
CVE-2021-46705 affects grub2 (grub-once) in SUSE Linux Enterprise Server 15 SP4 and openSUSE Factory. The issue is an Insecure Temporary File vulnerability that lets local attackers truncate arbitrary files via grub-once/grub2. Affected versions are grub2 prior to 2.06-150400.7.1 on SLE 15 SP4, a...
CVE-2024-45782
CVE-2024-45782 affects grub2, specifically the HFS filesystem path where grub_fs_mount() uses strcpy on a user-provided volume name, enabling a heap-based out-of-bounds write and potential secure-boot bypass. Affected packages include grub2 prior to the updated 2.06 releases; remediation is to up...
CVE-2024-45780
Grub2 TAR handling flaw (CVE-2024-45780): when reading tar files, grub2 may overflow allocation size due to integer overflow, causing a heap OOB write and potentially bypassing secure boot. Affected: grub2; Root cause: unchecked allocation length; Impact: confidentiality/integrity/availability hi...
CVE-2025-0689
CVE-2025-0689 affects grub2, specifically the udf filesystem reader (grub_udf_read_block), where user-controlled data length metadata can cause a heap-based buffer overflow during disk read and sector iteration. This could corrupt data and allow arbitrary code execution, potentially bypassing sec...
CVE-2025-1125
CVE-2025-1125 concerns grub2, specifically the hfs filesystem module (fs/hfs) where integer overflow in buffer size calculations enables a heap-based out-of-bounds write. This can corrupt grub’s internal data and may allow arbitrary code execution with secure-boot bypass. Affected product: grub2 ...
CVE-2024-45779
CVE-2024-45779 (grub2 BFS integer overflow): Affects the BFS filesystem driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read, which can cause an integer overflow during file reading. This may trigger a heap-based bounds ...
CVE-2024-45778
CVE-2024-45778 affects grub2, caused by a stack overflow when reading a BFS filesystem. A crafted BFS image can trigger an uncontrolled loop and crash grub2, per the NVD entry. Likely impact is availability (HIGH), with local access required (attack vector LOCAL), low attack complexity and low pr...
CVE-2024-56738
CVE-2024-56738 details: GNU GRUB (GRUB2) up to version 2.12 is affected because grub_crypto_memcmp is not implemented in constant time, enabling potential side-channel attacks. Connected Nessus entries for EulerOS/Virt show the same CVE-2024-56738 claim and reference. The description doe...
CVE-2025-0685
CVE-2025-0685 affects grub2, specifically the JFS filesystem module. The vulnerability arises from an integer overflow in buffer size calculations when reading data from JFS, allowing grub_jfs_read_file() to write beyond an internal buffer via grub_jfs_lookup_symlink(), which could corrupt grub’s...
CVE-2025-0686
Affects grub2 ROMFS symlink handling (CVE-2025-0686). The romfs module uses user-controlled geometry parameters to size buffers in symlink lookups and fails to guard integer overflows, allowing buffer size miscalculation. This can cause grub_malloc to allocate too small a buffer, leading to out-o...
CVE-2024-2312
The CVE-2024-2312 issue affects GRUB2 and stems from not calling module fini functions on exit, which leaves UEFI system table hooks after exit (notably in Debian/Ubuntu’s peimage GRUB2 module). This creates a use-after-free condition and could potentially enable secure boot bypass. Connected rec...
CVE-2025-61662
CVE-2025-61662 involves a use-after-free in GRUB2’s gettext module where the gettext command remains registered after unloading, enabling an attacker to invoke an orphaned command and crash grub (DoS). The initial description notes potential data integrity/confidentiality risks but provides no pa...