CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low
Percentile: 43.0%

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically
proximate attackers to bypass authentication, obtain sensitive information,
or cause a denial of service (disk corruption) via backspace characters in
the (1) grub_username_get function in grub-core/normal/auth.c or the (2)
grub_password_get function in lib/crypto.c, which trigger an “Off-by-two”
or “Out of bounds overwrite” memory error.
hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
launchpad.net/bugs/cve/CVE-2015-8370
nvd.nist.gov/vuln/detail/CVE-2015-8370
security-tracker.debian.org/tracker/CVE-2015-8370
twitter.com/lostinsecurity/status/674925944524640257
ubuntu.com/security/notices/USN-2836-1
www.cve.org/CVERecord?id=CVE-2015-8370