
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2024 — GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. • https://savannah.gnu.org/bugs/?66599 • CWE-122: Heap-based Buffer Overflow

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Dec 2024 — GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. • https://savannah.gnu.org/bugs/?66603 • CWE-208: Observable Timing Discrepancy

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

04 Oct 2023 — An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. • https://access.redhat.com/errata/RHSA-2024:2456 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 1

04 Oct 2023 — An out-of-bounds read flaw was found in grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. • https://access.redhat.com/errata/RHSA-2024:2456 • CWE-125: Out-of-bounds Read

CVSS: 8.6 • EPSS: 0% • CPEs: 12 • EXPL: 0

16 Nov 2022 — A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, so that a smaller-than-needed buffer is allocated for the glyph; this in turn leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. • https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Nov 2022 — When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out. • https://access.redhat.com/security/cve/cve-2022-3775 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jun 2022 — There is a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot operating systems that don't support multiboot and do not have direct support from GRUB2. When chainloader is executed more than once, a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved. A use-after-free vulnerability was found on grub2's chainloader command. T... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736 • CWE-416: Use After Free

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jun 2022 — Integer underflow in grub_net_recv_ip4_packets: a maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such a way, subsequent operations can write past the end of the buffer. A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a mali... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733 • CWE-191: Integer Underflow (Wrap or Wraparound)

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 Jun 2022 — Out-of-bounds write when handling split HTTP headers: when handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write further on when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata. A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jun 2022 — GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain. A flaw was found in grub2. The shim_lock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed. Red Hat Advanced Cluster Management for Kubernetes... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere