Grub2 Security Vulnerabilities and Issues — Grub2 CVE List

Lucene search

GnuGrub2

5 matches found

CVE•added 2023/10/25 6:17 p.m.•472 views

CVE-2023-4693

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to b...

5.3CVSS6.1AI score0.0001EPSS

CVE•added 2019/11/29 10:15 a.m.•180 views

CVE-2019-14865

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

5.9CVSS4.4AI score0.00038EPSS

CVE•added 2022/03/16 10:15 a.m.•86 views

CVE-2021-46705

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 ver...

5.1CVSS4.7AI score0.00043EPSS

CVE•added 2025/03/03 5:15 p.m.•52 views

CVE-2024-45778

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

5.5CVSS4.5AI score0.00012EPSS

CVE•added 2024/12/29 7:15 a.m.•44 views

CVE-2024-56738

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

5.3CVSS7AI score0.00056EPSS