Lucene search

K

Veracode Vulnerability DatabaseVERACODE:25984

HistoryJul 30, 2020 - 2:02 a.m.

Denial Of Service (DoS)

2020-07-3002:02:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

grub2 is vulnerable to denial of service (DoS). The vulnerability exists as it fails kernel validation without shim protocol.

CPENameOperatorVersion
shim-unsigned-x64eq15__2.el8
fwupdeq1.1.4__6.el8.0.1
fwupdeq1.1.4__6.el8
fwupdeq1.1.4__1.el8
fwupdateeq9__8.el7.centos
fwupdateeq12__5.el7.centos
fwupdateeq9__8.el7
grub2eq2.02__0.76.el7.centos.1
grub2eq2.02__0.81.el7.centos
grub2eq2.02__0.17.ael7b_1.2

Rows per page:

1-10 of 361

References

lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html

ubuntu.com/security/notices/USN-4432-1

www.openwall.com/lists/oss-security/2020/07/29/3

www.openwall.com/lists/oss-security/2021/03/02/3

www.openwall.com/lists/oss-security/2021/09/17/2

www.openwall.com/lists/oss-security/2021/09/17/4

www.openwall.com/lists/oss-security/2021/09/21/1

access.redhat.com/errata/RHSA-2020:3223

access.redhat.com/security/updates/classification/#moderate

access.redhat.com/security/vulnerabilities/grub2bootloader

lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html

portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011

security.gentoo.org/glsa/202104-05

security.netapp.com/advisory/ntap-20200731-0008/

usn.ubuntu.com/4432-1/

wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

www.debian.org/security/2020-GRUB-UEFI-SecureBoot

www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

www.openwall.com/lists/oss-security/2020/07/29/3

www.suse.com/c/suse-addresses-grub2-secure-boot-issue/

www.suse.com/support/kb/doc/?id=000019673

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

Related for VERACODE:25984

nessus35 cbl_mariner1 openvas22 redhatcve2 debiancve2 alpinelinux2 suse2 osv2 cve2 prion2 ubuntucve2 redhat9 f51 fedora2 photon5 oraclelinux3 centos1 qualysblog1 ubuntu2 rosalinux1 mageia1 gentoo1 hp1 redos1 ibm2 mscve1 ics1