
grub2release/26.0.0.0: 14 vulnerabilities (highest severity is: 8.8) #38

Open
mend-for-github-com bot opened this issue Jan 15, 2025 · 0 comments
Labels
Mend: dependency security vulnerability Security vulnerability detected by Mend


Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Vulnerable Source Files (2)

/debian/grub-extras/lua/lua.h
/debian/grub-extras/lua/lua.h

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (grub2release/26.0.0.0 version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-56737 | High | 8.8 | grub2release/26.0.0.0 | Direct | N/A | |
| CVE-2020-25632 | High | 8.2 | grub2release/26.0.0.0 | Direct | grub2-common - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-87,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-90,2.02-0.86,2.02-0.86,2.02-90;grub2-tools-extra-debuginfo - 2.02-90,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-efi-x64-cdboot - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90,2.02-87;fwupd-debugsource - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools - 2.02-0.86,2.02-90,2.02-90,2.02-87,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.87,2.02-0.86,2.02-90,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64 - 2.02-90,2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86;grub2-tools-minimal - 2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-90,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87,2.02-90;shim-x64 - 15.4-2;grub2-ppc64le-modules - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-efi-ia32-cdboot - 2.02-87,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-ppc64le - 2.02-87,2.02-90,2.02-87;shim - 15.4-2;grub2-pc - 2.02-0.86,2.02-87,2.02-0.87,2.02-90,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.87,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-90;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-87,2.02-90;shim-aa64 - 15.4-2;shim-ia32 - 15.4-2;grub2-efi-x64-modules - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-90;fwupd-debuginfo - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools-efi - 2.02-87,2.02-90,2.02-87;fwupd - 1.5.9-1,1.1.4-4,1.1.4-4,1.1.4-4,1.1.4-9,1.5.9-1,1.5.9-1,1.5.9-1,1.1.4-9,1.1.4-9,1.1.4-4,1.1.4-4,1.5.9-1,1.1.4-9,1.1.4-9;grub2 - 2.02-0.87,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90;grub2-efi-ia32-modules - 2.02-0.86,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90;grub2-tools-extra - 2.02-0.86 | |
| CVE-2020-25647 | High | 7.6 | grub2release/26.0.0.0 | Direct | grub2-common - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-87,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-90,2.02-0.86,2.02-0.86,2.02-90;grub2-tools-extra-debuginfo - 2.02-90,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-efi-x64-cdboot - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90,2.02-87;fwupd-debugsource - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools - 2.02-0.86,2.02-90,2.02-90,2.02-87,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.87,2.02-0.86,2.02-90,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64 - 2.02-90,2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86;grub2-tools-minimal - 2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-90,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87,2.02-90;shim-x64 - 15.4-2;grub2-ppc64le-modules - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-efi-ia32-cdboot - 2.02-87,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-ppc64le - 2.02-87,2.02-90,2.02-87;shim - 15.4-2;grub2-pc - 2.02-0.86,2.02-87,2.02-0.87,2.02-90,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.87,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-90;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-87,2.02-90;shim-aa64 - 15.4-2;shim-ia32 - 15.4-2;grub2-efi-x64-modules - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-90;fwupd-debuginfo - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools-efi - 2.02-87,2.02-90,2.02-87;fwupd - 1.5.9-1,1.1.4-4,1.1.4-4,1.1.4-4,1.1.4-9,1.5.9-1,1.5.9-1,1.5.9-1,1.1.4-9,1.1.4-9,1.1.4-4,1.1.4-4,1.5.9-1,1.1.4-9,1.1.4-9;grub2 - 2.02-0.87,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90;grub2-efi-ia32-modules - 2.02-0.86,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90;grub2-tools-extra - 2.02-0.86 | |
| CVE-2023-4001 | Medium | 6.8 | grub2release/26.0.0.0 | Direct | N/A | |
| CVE-2022-28735 | Medium | 6.7 | grub2release/26.0.0.0 | Direct | N/A | |
| CVE-2020-14309 | Medium | 6.7 | grub2release/26.0.0.0 | Direct | grub2-common - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87;grub2-tools-extra-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86;grub2-efi-x64-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;fwupd-debugsource - 1.1.4-2,1.1.4-7,1.1.4-2;mokutil-debuginfo - 15-8,15-7,15-8,15-8,15-8,15-8;grub2-tools - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64 - 2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87;shim-unsigned-x64-debuginfo - 15-8;shim-x64 - 15-8,15-7,15-8,15-8,15-14,15-14,15-14;grub2-ppc64le-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;fwupdate-devel - 9-10,12-6,12-6,12-6;grub2-efi-ia32-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;mokutil - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate-debuginfo - 12-6,12-6,12-6,9-10;grub2-ppc64le - 2.02-87,2.02-87,2.02-87;shim - 15-8,15-14,15-8,15-14,15-14,15-8,15-7;grub2-pc - 2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-87;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87;shim-aa64 - 15-14,15-14;shim-ia32 - 15-8,15-14,15-8,15-7,15-14,15-8,15-14;shim-unsigned-ia32-debuginfo - 15-8;grub2-efi-x64-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-87;shim-signed - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate - 12-6,12-6,12-6,9-10,9-10,12-6,12-6,12-6;fwupd-debuginfo - 1.1.4-2,1.1.4-2,1.1.4-7;fwupdate-efi - 12-6,9-10,12-6,12-6;shim-unsigned-x64 - 15-7,15-8;grub2-tools-efi - 2.02-87,2.02-87,2.02-87;fwupd - 1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2;grub2 - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;fwupdate-libs - 12-6,12-6,9-10,12-6;grub2-efi-ia32-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;shim-unsigned-ia32 - 15-8,15-7;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86 | |
| CVE-2021-3418 | Medium | 6.4 | detected in multiple dependencies | Direct | grub 2.06 | |
| CVE-2020-14311 | Medium | 5.7 | grub2release/26.0.0.0 | Direct | grub2-common - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87;grub2-tools-extra-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86;grub2-efi-x64-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;fwupd-debugsource - 1.1.4-2,1.1.4-7,1.1.4-2;mokutil-debuginfo - 15-8,15-7,15-8,15-8,15-8,15-8;grub2-tools - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64 - 2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87;shim-unsigned-x64-debuginfo - 15-8;shim-x64 - 15-8,15-7,15-8,15-8,15-14,15-14,15-14;grub2-ppc64le-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;fwupdate-devel - 9-10,12-6,12-6,12-6;grub2-efi-ia32-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;mokutil - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate-debuginfo - 12-6,12-6,12-6,9-10;grub2-ppc64le - 2.02-87,2.02-87,2.02-87;shim - 15-8,15-14,15-8,15-14,15-14,15-8,15-7;grub2-pc - 2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-87;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87;shim-aa64 - 15-14,15-14;shim-ia32 - 15-8,15-14,15-8,15-7,15-14,15-8,15-14;shim-unsigned-ia32-debuginfo - 15-8;grub2-efi-x64-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-87;shim-signed - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate - 12-6,12-6,12-6,9-10,9-10,12-6,12-6,12-6;fwupd-debuginfo - 1.1.4-2,1.1.4-2,1.1.4-7;fwupdate-efi - 12-6,9-10,12-6,12-6;shim-unsigned-x64 - 15-7,15-8;grub2-tools-efi - 2.02-87,2.02-87,2.02-87;fwupd - 1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2;grub2 - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;fwupdate-libs - 12-6,12-6,9-10,12-6;grub2-efi-ia32-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;shim-unsigned-ia32 - 15-8,15-7;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86 | |
| CVE-2020-14310 | Medium | 5.7 | grub2release/26.0.0.0 | Direct | grub2-common - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87;grub2-tools-extra-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86;grub2-efi-x64-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;fwupd-debugsource - 1.1.4-2,1.1.4-7,1.1.4-2;mokutil-debuginfo - 15-8,15-7,15-8,15-8,15-8,15-8;grub2-tools - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64 - 2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87;shim-unsigned-x64-debuginfo - 15-8;shim-x64 - 15-8,15-7,15-8,15-8,15-14,15-14,15-14;grub2-ppc64le-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;fwupdate-devel - 9-10,12-6,12-6,12-6;grub2-efi-ia32-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;mokutil - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate-debuginfo - 12-6,12-6,12-6,9-10;grub2-ppc64le - 2.02-87,2.02-87,2.02-87;shim - 15-8,15-14,15-8,15-14,15-14,15-8,15-7;grub2-pc - 2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-87;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87;shim-aa64 - 15-14,15-14;shim-ia32 - 15-8,15-14,15-8,15-7,15-14,15-8,15-14;shim-unsigned-ia32-debuginfo - 15-8;grub2-efi-x64-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-87;shim-signed - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate - 12-6,12-6,12-6,9-10,9-10,12-6,12-6,12-6;fwupd-debuginfo - 1.1.4-2,1.1.4-2,1.1.4-7;fwupdate-efi - 12-6,9-10,12-6,12-6;shim-unsigned-x64 - 15-7,15-8;grub2-tools-efi - 2.02-87,2.02-87,2.02-87;fwupd - 1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2;grub2 - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;fwupdate-libs - 12-6,12-6,9-10,12-6;grub2-efi-ia32-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;shim-unsigned-ia32 - 15-8,15-7;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86 | |
| CVE-2020-25601 | Medium | 5.5 | grub2release/26.0.0.0 | Direct | N/A | |
| CVE-2013-4416 | Medium | 4.8 | grub2release/26.0.0.0 | Direct | 4.4.0 | |
| CVE-2022-24735 | Low | 3.9 | grub2release/26.0.0.0 | Direct | 6.2.7;7.0.0 | |
| CVE-2022-24736 | Low | 3.3 | grub2release/26.0.0.0 | Direct | 6.2.7;7.0.0 | |
| CVE-2022-4087 | Low | 2.6 | grub2release/26.0.0.0 | Direct | N/A | |

**In some cases, a remediation PR cannot be created automatically for a vulnerability even though a remediation is available.

Details

CVE-2024-56737

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (1)

/grub-core/fs/hfs.c

Vulnerability Details

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

Publish Date: 2024-12-29

URL: CVE-2024-56737

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2020-25632

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (1)

/include/grub/dl.h

Vulnerability Details

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Publish Date: 2021-03-03

URL: CVE-2020-25632

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-25632

Release Date: 2021-03-03

Fix Resolution: grub2-common - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-87,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-90,2.02-0.86,2.02-0.86,2.02-90;grub2-tools-extra-debuginfo - 2.02-90,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-efi-x64-cdboot - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90,2.02-87;fwupd-debugsource - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools - 2.02-0.86,2.02-90,2.02-90,2.02-87,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.87,2.02-0.86,2.02-90,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64 - 2.02-90,2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86;grub2-tools-minimal - 2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-90,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87,2.02-90;shim-x64 - 15.4-2;grub2-ppc64le-modules - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-efi-ia32-cdboot - 2.02-87,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-ppc64le - 2.02-87,2.02-90,2.02-87;shim - 15.4-2;grub2-pc - 2.02-0.86,2.02-87,2.02-0.87,2.02-90,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.87,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-90;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-87,2.02-90;shim-aa64 - 15.4-2;shim-ia32 - 15.4-2;grub2-efi-x64-modules - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-90;fwupd-debuginfo - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools-efi - 2.02-87,2.02-90,2.02-87;fwupd - 1.5.9-1,1.1.4-4,1.1.4-4,1.1.4-4,1.1.4-9,1.5.9-1,1.5.9-1,1.5.9-1,1.1.4-9,1.1.4-9,1.1.4-4,1.1.4-4,1.5.9-1,1.1.4-9,1.1.4-9;grub2 - 2.02-0.87,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90;grub2-efi-ia32-modules - 2.02-0.86,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90;grub2-tools-extra - 2.02-0.86

CVE-2020-25647

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (1)

Vulnerability Details

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, and the code assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution, allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Publish Date: 2021-03-03

URL: CVE-2020-25647

CVSS 3 Score Details (7.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Physical
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-25647

Release Date: 2021-03-03

Fix Resolution: grub2-common - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-87,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-90,2.02-0.86,2.02-0.86,2.02-90;grub2-tools-extra-debuginfo - 2.02-90,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-efi-x64-cdboot - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90,2.02-87;fwupd-debugsource - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools - 2.02-0.86,2.02-90,2.02-90,2.02-87,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.87,2.02-0.86,2.02-90,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64 - 2.02-90,2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86;grub2-tools-minimal - 2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-90,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87,2.02-90;shim-x64 - 15.4-2;grub2-ppc64le-modules - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-efi-ia32-cdboot - 2.02-87,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-ppc64le - 2.02-87,2.02-90,2.02-87;shim - 15.4-2;grub2-pc - 2.02-0.86,2.02-87,2.02-0.87,2.02-90,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.87,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-90;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-87,2.02-90;shim-aa64 - 15.4-2;shim-ia32 - 15.4-2;grub2-efi-x64-modules - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-90;fwupd-debuginfo - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools-efi - 2.02-87,2.02-90,2.02-87;fwupd - 1.5.9-1,1.1.4-4,1.1.4-4,1.1.4-4,1.1.4-9,1.5.9-1,1.5.9-1,1.5.9-1,1.1.4-9,1.1.4-9,1.1.4-4,1.1.4-4,1.5.9-1,1.1.4-9,1.1.4-9;grub2 - 2.02-0.87,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90;grub2-efi-ia32-modules - 2.02-0.86,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90;grub2-tools-extra - 2.02-0.86

CVE-2023-4001

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (2)

/include/grub/search.h
/include/grub/search.h

Vulnerability Details

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

Publish Date: 2024-01-15

URL: CVE-2023-4001

CVSS 3 Score Details (6.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Physical
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2022-28735

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (1)

Vulnerability Details

GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered Secure Boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the Secure Boot trust chain.

Publish Date: 2023-07-20

URL: CVE-2022-28735

CVSS 3 Score Details (6.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2020-14309

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (1)

/debian/grub-extras/disabled/zfs/zfs.c

Vulnerability Details

There is an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with a name length of UINT32 bytes in size. The name size leads to an arithmetic overflow, which results in a zero-size allocation and then a heap-based buffer overflow with attacker-controlled data.

Publish Date: 2020-07-30

URL: CVE-2020-14309

CVSS 3 Score Details (6.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-14309

Release Date: 2020-07-30

Fix Resolution: grub2-common - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87;grub2-tools-extra-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86;grub2-efi-x64-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;fwupd-debugsource - 1.1.4-2,1.1.4-7,1.1.4-2;mokutil-debuginfo - 15-8,15-7,15-8,15-8,15-8,15-8;grub2-tools - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64 - 2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87;shim-unsigned-x64-debuginfo - 15-8;shim-x64 - 15-8,15-7,15-8,15-8,15-14,15-14,15-14;grub2-ppc64le-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;fwupdate-devel - 9-10,12-6,12-6,12-6;grub2-efi-ia32-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;mokutil - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate-debuginfo - 12-6,12-6,12-6,9-10;grub2-ppc64le - 2.02-87,2.02-87,2.02-87;shim - 15-8,15-14,15-8,15-14,15-14,15-8,15-7;grub2-pc - 2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-87;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87;shim-aa64 - 15-14,15-14;shim-ia32 - 15-8,15-14,15-8,15-7,15-14,15-8,15-14;shim-unsigned-ia32-debuginfo - 15-8;grub2-efi-x64-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-87;shim-signed - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate - 12-6,12-6,12-6,9-10,9-10,12-6,12-6,12-6;fwupd-debuginfo - 1.1.4-2,1.1.4-2,1.1.4-7;fwupdate-efi - 12-6,9-10,12-6,12-6;shim-unsigned-x64 - 15-7,15-8;grub2-tools-efi - 2.02-87,2.02-87,2.02-87;fwupd - 1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2;grub2 - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;fwupdate-libs - 12-6,12-6,9-10,12-6;grub2-efi-ia32-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;shim-unsigned-ia32 - 15-8,15-7;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86

CVE-2021-3418

Vulnerable Libraries - grub2release/26.0.0.0, grub2release/26.0.0.0, grub2release/26.0.0.0

Vulnerability Details

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered with. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.

Publish Date: 2021-03-15

URL: CVE-2021-3418

CVSS 3 Score Details (6.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1933757

Release Date: 2021-03-15

Fix Resolution: grub 2.06

CVE-2020-14311

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (1)

/debian/grub-extras/disabled/zfs/zfs.c

Vulnerability Details

There is an issue with grub2 before version 2.06 while handling symlinks on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

Publish Date: 2020-07-31

URL: CVE-2020-14311

CVSS 3 Score Details (5.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-14311

Release Date: 2020-07-31

Fix Resolution: grub2-common - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87;grub2-tools-extra-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86;grub2-efi-x64-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;fwupd-debugsource - 1.1.4-2,1.1.4-7,1.1.4-2;mokutil-debuginfo - 15-8,15-7,15-8,15-8,15-8,15-8;grub2-tools - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64 - 2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87;shim-unsigned-x64-debuginfo - 15-8;shim-x64 - 15-8,15-7,15-8,15-8,15-14,15-14,15-14;grub2-ppc64le-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;fwupdate-devel - 9-10,12-6,12-6,12-6;grub2-efi-ia32-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;mokutil - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate-debuginfo - 12-6,12-6,12-6,9-10;grub2-ppc64le - 2.02-87,2.02-87,2.02-87;shim - 15-8,15-14,15-8,15-14,15-14,15-8,15-7;grub2-pc - 2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-87;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87;shim-aa64 - 15-14,15-14;shim-ia32 - 15-8,15-14,15-8,15-7,15-14,15-8,15-14;shim-unsigned-ia32-debuginfo - 15-8;grub2-efi-x64-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-87;shim-signed - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate - 12-6,12-6,12-6,9-10,9-10,12-6,12-6,12-6;fwupd-debuginfo - 1.1.4-2,1.1.4-2,1.1.4-7;fwupdate-efi - 12-6,9-10,12-6,12-6;shim-unsigned-x64 - 15-7,15-8;grub2-tools-efi - 2.02-87,2.02-87,2.02-87;fwupd - 1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2;grub2 - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;fwupdate-libs - 12-6,12-6,9-10,12-6;grub2-efi-ia32-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;shim-unsigned-ia32 - 15-8,15-7;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86

CVE-2020-14310

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (1)

/debian/grub-extras/disabled/zfs/zfs.c

Vulnerability Details

There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes long, but it does not verify this before proceeding with the buffer allocation used to read the value from the font file. An attacker may leverage that by crafting a malicious font file whose name has length UINT32_MAX, leading read_section_as_string() into an arithmetic overflow, a zero-sized allocation and a further heap-based buffer overflow.

Publish Date: 2020-07-31

URL: CVE-2020-14310

CVSS 3 Score Details (5.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-14310

Release Date: 2020-07-31

Fix Resolution: grub2-common - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87;grub2-tools-extra-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86;grub2-efi-x64-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;fwupd-debugsource - 1.1.4-2,1.1.4-7,1.1.4-2;mokutil-debuginfo - 15-8,15-7,15-8,15-8,15-8,15-8;grub2-tools - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64 - 2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87;shim-unsigned-x64-debuginfo - 15-8;shim-x64 - 15-8,15-7,15-8,15-8,15-14,15-14,15-14;grub2-ppc64le-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;fwupdate-devel - 9-10,12-6,12-6,12-6;grub2-efi-ia32-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;mokutil - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate-debuginfo - 12-6,12-6,12-6,9-10;grub2-ppc64le - 2.02-87,2.02-87,2.02-87;shim - 15-8,15-14,15-8,15-14,15-14,15-8,15-7;grub2-pc - 2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-87;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87;shim-aa64 - 15-14,15-14;shim-ia32 - 15-8,15-14,15-8,15-7,15-14,15-8,15-14;shim-unsigned-ia32-debuginfo - 15-8;grub2-efi-x64-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-87;shim-signed - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate - 12-6,12-6,12-6,9-10,9-10,12-6,12-6,12-6;fwupd-debuginfo - 1.1.4-2,1.1.4-2,1.1.4-7;fwupdate-efi - 12-6,9-10,12-6,12-6;shim-unsigned-x64 - 15-7,15-8;grub2-tools-efi - 2.02-87,2.02-87,2.02-87;fwupd - 1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2;grub2 - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;fwupdate-libs - 12-6,12-6,9-10,12-6;grub2-efi-ia32-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;shim-unsigned-ia32 - 15-8,15-7;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86

CVE-2020-25601

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (1)

/include/xen/event_channel.h

Vulnerability Details

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.

Publish Date: 2020-09-23

URL: CVE-2020-25601

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2013-4416

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (3)

/include/xen/io/xs_wire.h
/include/xen/io/xs_wire.h
/include/xen/io/xs_wire.h

Vulnerability Details

The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.

Publish Date: 2013-11-02

URL: CVE-2013-4416

CVSS 3 Score Details (4.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://xenbits.xen.org/xsa/

Release Date: 2013-11-02

Fix Resolution: 4.4.0

CVE-2022-24735

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (2)

/debian/grub-extras/lua/lua.h
/debian/grub-extras/lua/lua.h

Vulnerability Details

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or a different, script at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the SCRIPT LOAD and EVAL commands using ACL rules.

Publish Date: 2022-04-27

URL: CVE-2022-24735

CVSS 3 Score Details (3.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-647m-2wmq-qmvq

Release Date: 2022-04-27

Fix Resolution: 6.2.7;7.0.0

CVE-2022-24736

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (2)

/debian/grub-extras/lua/lua.h
/debian/grub-extras/lua/lua.h

Vulnerability Details

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the SCRIPT LOAD and EVAL commands using ACL rules.

Publish Date: 2022-04-27

URL: CVE-2022-24736

CVSS 3 Score Details (3.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-3qpw-7686-5984

Release Date: 2022-04-27

Fix Resolution: 6.2.7;7.0.0

CVE-2022-4087

Vulnerable Library - grub2release/26.0.0.0

Delphix fork of the Ubuntu grub source repository

Library home page: https://github.com/delphix/grub2.git

Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483

Found in base branch: develop

Vulnerable Source Files (2)

/debian/grub-extras/disabled/gpxe/src/net/tls.c
/debian/grub-extras/disabled/gpxe/src/net/tls.c

Vulnerability Details

A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability.

Publish Date: 2022-11-21

URL: CVE-2022-4087

CVSS 3 Score Details (2.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

@mend-for-github-com mend-for-github-com bot added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Jan 15, 2025