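Score | Metric | Value |
---|---|---|
CVSS3 | Base score | 3.3 Low |
CVSS3 | Attack Vector | LOCAL |
CVSS3 | Attack Complexity | LOW |
CVSS3 | Privileges Required | LOW |
CVSS3 | User Interaction | NONE |
CVSS3 | Scope | UNCHANGED |
CVSS3 | Confidentiality Impact | NONE |
CVSS3 | Integrity Impact | NONE |
CVSS3 | Availability Impact | LOW |
CVSS3 | Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
AI Score | Score | 4.7 Medium |
AI Score | Confidence | High |
CVSS2 | Base score | 1.7 Low |
CVSS2 | Access Vector | LOCAL |
CVSS2 | Access Complexity | LOW |
CVSS2 | Authentication | SINGLE |
CVSS2 | Confidentiality Impact | NONE |
CVSS2 | Integrity Impact | NONE |
CVSS2 | Availability Impact | PARTIAL |
CVSS2 | Vector | AV:L/AC:L/Au:S/C:N/I:N/A:P |
EPSS | Score | 0.0005 Low |
EPSS | Percentile | 15.3% |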
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix
of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the
new grubenv content and rename it to the original grubenv file. If the
program is killed before the rename operation, the temporary file will not
be removed and may fill the filesystem when invoked multiple times,
resulting in a filesystem out of free inodes or blocks.
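
The leak described above and one way to bound it, as an added C example (not grub2 source code and not the upstream patch). The temporary file names `grubenv.XXXXXX` and `grubenv.new`, the function names, and the `finish` flag that models the process being killed before `rename()` are assumptions made for illustration.

```c
/* Added example, not grub2 source; file and function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write content to fd, then rename tmp over dir/grubenv. finish == 0 models the
 * process being killed before rename(): the temporary file stays on disk. */
static int commit(int fd, const char *tmp, const char *dir, const char *content, int finish) {
    char dst[512];
    size_t len = strlen(content);
    if (fd < 0) return -1;
    int ok = write(fd, content, len) == (ssize_t)len && fsync(fd) == 0;
    close(fd);
    snprintf(dst, sizeof dst, "%s/grubenv", dir);
    if (ok && (!finish || rename(tmp, dst) == 0)) return 0;
    unlink(tmp);                        /* only the error path cleans up */
    return -1;
}

/* Pattern from the advisory: a fresh temporary name on every invocation. */
int update_unique_tmp(const char *dir, const char *content, int finish) {
    char tmp[512];
    snprintf(tmp, sizeof tmp, "%s/grubenv.XXXXXX", dir);
    return commit(mkstemp(tmp), tmp, dir, content, finish);
}

/* Bounded variant (an assumption, not the upstream patch): one fixed name that
 * the next run removes. Concurrent callers would also need a lock. */
int update_fixed_tmp(const char *dir, const char *content, int finish) {
    char tmp[512];
    snprintf(tmp, sizeof tmp, "%s/grubenv.new", dir);
    unlink(tmp);                        /* discard a leftover from an earlier run */
    return commit(open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600), tmp, dir, content, finish);
}

/* Count grubenv.* entries, i.e. temporary files left by interrupted runs. */
int count_leftovers(const char *dir) {
    int n = 0;
    DIR *d = opendir(dir);
    if (!d) return -1;
    for (struct dirent *e; (e = readdir(d)) != NULL; )
        n += strncmp(e->d_name, "grubenv.", 8) == 0;
    closedir(d);
    return n;
}
```

With unique names the leftover count grows by one per interrupted run and is never reduced by later successful runs; with the fixed name it stays at one or zero.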
Author | Note |
---|---|
eslerm | the grub2 package does not affect Ubuntu’s Secure Boot; grub2-unsigned contains Secure Boot security fixes; grub2 and grub2-unsigned should have same major version; Ubuntu Secure Boot and ESM do not cover i386; trusty’s GA kernel cannot handle new versions of grub. Note that key revocation is required to protect against evil housekeeper attacks (such as BlackLotus) |
mdeslaur | This issue is in a RedHat-specific addition and does not affect Debian or Ubuntu |
www.openwall.com/lists/oss-security/2024/02/06/3
access.redhat.com/security/cve/CVE-2024-1048
bugzilla.redhat.com/show_bug.cgi?id=2256827
launchpad.net/bugs/cve/CVE-2024-1048
nvd.nist.gov/vuln/detail/CVE-2024-1048
security-tracker.debian.org/tracker/CVE-2024-1048
www.cve.org/CVERecord?id=CVE-2024-1048