CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-15706 – GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
https://notcve.org/view.php?id=CVE-2020-15706
28 Jul 2020 — GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 contiene una condición de carrera en la función grub_script_function_create() que conlleva a una vulnerabilidad de uso de la memoria previamente liberada la cual puede ser de... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14311 – grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14311
28 Jul 2020 — There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. Se presenta un problema con grub2 versiones anteriores a 2.06, mientras se maneja un symlink en los sistemas de archivos ext. Un sistema de archivos que contiene un enlace simbólico con un tamaño de inode de UINT32_MAX causa un des... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14310 – grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14310
28 Jul 2020 — There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. Se presenta un problema en grub2 ve... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14865 – grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable
https://notcve.org/view.php?id=CVE-2019-14865
29 Nov 2019 — A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. Se encontró un fallo en la utilidad grub2-set-bootflag de grub2. Un atacante local podría ejecutar esta utilidad bajo la presión de recursos (por ejemplo, configurando RLIMIT), causando que archivos de configuración de grub2 sean truncados y dejan... • http://www.openwall.com/lists/oss-security/2024/02/06/3 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2015-8370 – grub2: buffer overflow when checking password entered during bootup
https://notcve.org/view.php?id=CVE-2015-8370
15 Dec 2015 — Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. Múltiple desbordamiento inferior de entero en Grub2 1.98 hasta la versión 2.02 permite a atacantes ... • http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-264: Permissions, Privileges, and Access Controls CWE-787: Out-of-bounds Write •