Out-of-bounds Read

2023-10-0822:49:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

grub2

vulnerability

ntfs

filesystem

memory

attacker

sensitive data

efi variable

cached passwords

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

32.5%

JSON

grub2 is vulnerable to Out-of-bounds Read. The vulnerability allows an attacker to read arbitrary memory locations, including sensitive data such as cached passwords and EFI variable values, by presenting a specially crafted NTFS filesystem image.

CPENameOperatorVersion
grub2:bullseyeeq2.04-10
grub2:sideq2.04-10
grub2:bustereq2.02+dfsg1-20+deb10u2
grub2:bustereq2.02+dfsg1-20+deb10u3
grub2:bustereq2.02+dfsg1-20+deb10u4
grub2:bullseyeeq2.04-10
grub2:sideq2.04-10
grub2:bustereq2.02+dfsg1-20+deb10u2
grub2:bustereq2.02+dfsg1-20+deb10u3
grub2:bustereq2.02+dfsg1-20+deb10u4

Name	Operator	Version
grub2:bullseye	eq	2.04-10
grub2:sid	eq	2.04-10
grub2:buster	eq	2.02+dfsg1-20+deb10u2
grub2:buster	eq	2.02+dfsg1-20+deb10u3
grub2:buster	eq	2.02+dfsg1-20+deb10u4
grub2:bullseye	eq	2.04-10
grub2:sid	eq	2.04-10
grub2:buster	eq	2.02+dfsg1-20+deb10u2
grub2:buster	eq	2.02+dfsg1-20+deb10u3
grub2:buster	eq	2.02+dfsg1-20+deb10u4