Grub2 Security Vulnerabilities and Issues — Grub2 CVE List

Lucene search

GnuGrub2

4 matches found

CVE•added 2024/02/06 6:15 p.m.•150 views

CVE-2024-1048

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be...

3.3CVSS4.2AI score0.00038EPSS

CVE•added 2024/01/15 11:15 a.m.•113 views

CVE-2023-4001

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file ...

6.8CVSS6.8AI score0.00031EPSS

CVE•added 2024/12/29 7:15 a.m.•93 views

CVE-2024-56737

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

8.8CVSS7.4AI score0.00077EPSS

CVE•added 2024/12/29 7:15 a.m.•44 views

CVE-2024-56738

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

5.3CVSS7AI score0.0006EPSS