You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.
The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to SCRIPT LOAD and EVAL commands using ACL rules.
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to SCRIPT LOAD and EVAL commands using ACL rules.
A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability.
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
Publish Date: 2024-12-29
URL: CVE-2024-56737
CVSS 3 Score Details (8.8)
Base Score Metrics:
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Publish Date: 2021-03-03
URL: CVE-2020-25632
CVSS 3 Score Details (8.2)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-25632
Release Date: 2021-03-03
Fix Resolution: grub2-common - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-87,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-90,2.02-0.86,2.02-0.86,2.02-90;grub2-tools-extra-debuginfo - 2.02-90,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-efi-x64-cdboot - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90,2.02-87;fwupd-debugsource - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools - 2.02-0.86,2.02-90,2.02-90,2.02-87,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.87,2.02-0.86,2.02-90,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64 - 2.02-90,2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86;grub2-tools-minimal - 2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-90,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87,2.02-90;shim-x64 - 15.4-2;grub2-ppc64le-modules - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-efi-ia32-cdboot - 2.02-87,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-ppc64le - 2.02-87,2.02-90,2.02-87;shim - 15.4-2;grub2-pc - 2.02-0.86,2.02-87,2.02-0.87,2.02-90,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.87,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-90;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-87,2.02-90;shim-aa64 - 15.4-2;shim-ia32 - 15.4-2;grub2-efi-x64-modules - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-90;fwupd-debuginfo - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools-efi - 2.02-87,2.02-90,2.02-87;fwupd - 1.5.9-1,1.1.4-4,1.1.4-4,1.1.4-4,1.1.4-9,1.5.9-1,1.5.9-1,1.5.9-1,1.1.4-9,1.1.4-9,1.1.4-4,1.1.4-4,1.5.9-1,1.1.4-9,1.1.4-9;grub2 - 2.02-0.87,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90;grub2-efi-ia32-modules - 2.02-0.86,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90;grub2-tools-extra - 2.02-0.86
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Publish Date: 2021-03-03
URL: CVE-2020-25647
CVSS 3 Score Details (7.6)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-25647
Release Date: 2021-03-03
Fix Resolution: grub2-common - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-87,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-90,2.02-0.86,2.02-0.86,2.02-90;grub2-tools-extra-debuginfo - 2.02-90,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-efi-x64-cdboot - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90,2.02-87;fwupd-debugsource - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools - 2.02-0.86,2.02-90,2.02-90,2.02-87,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.87,2.02-0.86,2.02-90,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64 - 2.02-90,2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86;grub2-tools-minimal - 2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-90,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87,2.02-90;shim-x64 - 15.4-2;grub2-ppc64le-modules - 2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-efi-ia32-cdboot - 2.02-87,2.02-90,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-ppc64le - 2.02-87,2.02-90,2.02-87;shim - 15.4-2;grub2-pc - 2.02-0.86,2.02-87,2.02-0.87,2.02-90,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-90,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.87,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-90;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-87,2.02-90;shim-aa64 - 15.4-2;shim-ia32 - 15.4-2;grub2-efi-x64-modules - 2.02-0.86,2.02-90,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.87;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-90;fwupd-debuginfo - 1.1.4-9,1.1.4-4,1.5.9-1;grub2-tools-efi - 2.02-87,2.02-90,2.02-87;fwupd - 1.5.9-1,1.1.4-4,1.1.4-4,1.1.4-4,1.1.4-9,1.5.9-1,1.5.9-1,1.5.9-1,1.1.4-9,1.1.4-9,1.1.4-4,1.1.4-4,1.5.9-1,1.1.4-9,1.1.4-9;grub2 - 2.02-0.87,2.02-0.87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.87,2.02-0.86,2.02-90;grub2-efi-ia32-modules - 2.02-0.86,2.02-0.86,2.02-90,2.02-0.87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-90;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-90;grub2-tools-extra - 2.02-0.86
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (2)
Vulnerability Details
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
Publish Date: 2024-01-15
URL: CVE-2023-4001
CVSS 3 Score Details (6.8)
Base Score Metrics:
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
Publish Date: 2023-07-20
URL: CVE-2022-28735
CVSS 3 Score Details (6.7)
Base Score Metrics:
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
Publish Date: 2020-07-30
URL: CVE-2020-14309
CVSS 3 Score Details (6.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-14309
Release Date: 2020-07-30
Fix Resolution: grub2-common - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87;grub2-tools-extra-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86;grub2-efi-x64-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;fwupd-debugsource - 1.1.4-2,1.1.4-7,1.1.4-2;mokutil-debuginfo - 15-8,15-7,15-8,15-8,15-8,15-8;grub2-tools - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64 - 2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87;shim-unsigned-x64-debuginfo - 15-8;shim-x64 - 15-8,15-7,15-8,15-8,15-14,15-14,15-14;grub2-ppc64le-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;fwupdate-devel - 9-10,12-6,12-6,12-6;grub2-efi-ia32-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;mokutil - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate-debuginfo - 12-6,12-6,12-6,9-10;grub2-ppc64le - 2.02-87,2.02-87,2.02-87;shim - 15-8,15-14,15-8,15-14,15-14,15-8,15-7;grub2-pc - 2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-87;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87;shim-aa64 - 15-14,15-14;shim-ia32 - 15-8,15-14,15-8,15-7,15-14,15-8,15-14;shim-unsigned-ia32-debuginfo - 15-8;grub2-efi-x64-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-87;shim-signed - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate - 12-6,12-6,12-6,9-10,9-10,12-6,12-6,12-6;fwupd-debuginfo - 1.1.4-2,1.1.4-2,1.1.4-7;fwupdate-efi - 12-6,9-10,12-6,12-6;shim-unsigned-x64 - 15-7,15-8;grub2-tools-efi - 2.02-87,2.02-87,2.02-87;fwupd - 1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2;grub2 - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;fwupdate-libs - 12-6,12-6,9-10,12-6;grub2-efi-ia32-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;shim-unsigned-ia32 - 15-8,15-7;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86
Vulnerable Libraries - grub2release/26.0.0.0, grub2release/26.0.0.0, grub2release/26.0.0.0
Vulnerability Details
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.
Publish Date: 2021-03-15
URL: CVE-2021-3418
CVSS 3 Score Details (6.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1933757
Release Date: 2021-03-15
Fix Resolution: grub 2.06
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
Publish Date: 2020-07-31
URL: CVE-2020-14311
CVSS 3 Score Details (5.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-14311
Release Date: 2020-07-31
Fix Resolution: grub2-common - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87;grub2-tools-extra-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86;grub2-efi-x64-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;fwupd-debugsource - 1.1.4-2,1.1.4-7,1.1.4-2;mokutil-debuginfo - 15-8,15-7,15-8,15-8,15-8,15-8;grub2-tools - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64 - 2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87;shim-unsigned-x64-debuginfo - 15-8;shim-x64 - 15-8,15-7,15-8,15-8,15-14,15-14,15-14;grub2-ppc64le-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;fwupdate-devel - 9-10,12-6,12-6,12-6;grub2-efi-ia32-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;mokutil - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate-debuginfo - 12-6,12-6,12-6,9-10;grub2-ppc64le - 2.02-87,2.02-87,2.02-87;shim - 15-8,15-14,15-8,15-14,15-14,15-8,15-7;grub2-pc - 2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-87;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87;shim-aa64 - 15-14,15-14;shim-ia32 - 15-8,15-14,15-8,15-7,15-14,15-8,15-14;shim-unsigned-ia32-debuginfo - 15-8;grub2-efi-x64-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-87;shim-signed - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate - 12-6,12-6,12-6,9-10,9-10,12-6,12-6,12-6;fwupd-debuginfo - 1.1.4-2,1.1.4-2,1.1.4-7;fwupdate-efi - 12-6,9-10,12-6,12-6;shim-unsigned-x64 - 15-7,15-8;grub2-tools-efi - 2.02-87,2.02-87,2.02-87;fwupd - 1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2;grub2 - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;fwupdate-libs - 12-6,12-6,9-10,12-6;grub2-efi-ia32-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;shim-unsigned-ia32 - 15-8,15-7;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
Publish Date: 2020-07-31
URL: CVE-2020-14310
CVSS 3 Score Details (5.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-14310
Release Date: 2020-07-31
Fix Resolution: grub2-common - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86;grub2-tools-extra - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87;grub2-tools-extra-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-pc-modules - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86;grub2-efi-x64-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;fwupd-debugsource - 1.1.4-2,1.1.4-7,1.1.4-2;mokutil-debuginfo - 15-8,15-7,15-8,15-8,15-8,15-8;grub2-tools - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-tools-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64 - 2.02-87,2.02-87;grub2-efi-ia32 - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-minimal - 2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87;grub2-efi-aa64-cdboot - 2.02-87,2.02-87;shim-unsigned-x64-debuginfo - 15-8;shim-x64 - 15-8,15-7,15-8,15-8,15-14,15-14,15-14;grub2-ppc64le-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;fwupdate-devel - 9-10,12-6,12-6,12-6;grub2-efi-ia32-cdboot - 2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;mokutil - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate-debuginfo - 12-6,12-6,12-6,9-10;grub2-ppc64le - 2.02-87,2.02-87,2.02-87;shim - 15-8,15-14,15-8,15-14,15-14,15-8,15-7;grub2-pc - 2.02-0.86,2.02-87,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-efi-x64 - 2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87;grub2-ppc-modules - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86;grub2-debugsource - 2.02-87,2.02-87,2.02-87;grub2-debuginfo - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-87;shim-aa64 - 15-14,15-14;shim-ia32 - 15-8,15-14,15-8,15-7,15-14,15-8,15-14;shim-unsigned-ia32-debuginfo - 15-8;grub2-efi-x64-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;grub2-tools-efi-debuginfo - 2.02-87,2.02-87,2.02-87;shim-signed - 15-8,15-8,15-8,15-7,15-8,15-8;fwupdate - 12-6,12-6,12-6,9-10,9-10,12-6,12-6,12-6;fwupd-debuginfo - 1.1.4-2,1.1.4-2,1.1.4-7;fwupdate-efi - 12-6,9-10,12-6,12-6;shim-unsigned-x64 - 15-7,15-8;grub2-tools-efi - 2.02-87,2.02-87,2.02-87;fwupd - 1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2,1.1.4-7,1.1.4-7,1.1.4-2,1.1.4-2,1.1.4-2;grub2 - 2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;fwupdate-libs - 12-6,12-6,9-10,12-6;grub2-efi-ia32-modules - 2.02-0.86,2.02-87,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86,2.02-87,2.02-0.86,2.02-0.86;shim-unsigned-ia32 - 15-8,15-7;grub2-tools-minimal-debuginfo - 2.02-87,2.02-87,2.02-87;grub2-efi-aa64-modules - 2.02-0.86,2.02-0.86,2.02-87,2.02-87,2.02-0.86,2.02-0.86,2.02-0.86,2.02-87,2.02-0.86
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.
Publish Date: 2020-09-23
URL: CVE-2020-25601
CVSS 3 Score Details (5.5)
Base Score Metrics:
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (3)
Vulnerability Details
The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.
Publish Date: 2013-11-02
URL: CVE-2013-4416
CVSS 3 Score Details (4.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://xenbits.xen.org/xsa/
Release Date: 2013-11-02
Fix Resolution: 4.4.0
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (2)
Vulnerability Details
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to
SCRIPT LOAD
andEVAL
commands using ACL rules.Publish Date: 2022-04-27
URL: CVE-2022-24735
CVSS 3 Score Details (3.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-647m-2wmq-qmvq
Release Date: 2022-04-27
Fix Resolution: 6.2.7;7.0.0
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (2)
Vulnerability Details
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to
SCRIPT LOAD
andEVAL
commands using ACL rules.Publish Date: 2022-04-27
URL: CVE-2022-24736
CVSS 3 Score Details (3.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-3qpw-7686-5984
Release Date: 2022-04-27
Fix Resolution: 6.2.7;7.0.0
Vulnerable Library - grub2release/26.0.0.0
Delphix fork of the Ubuntu grub source repository
Library home page: https://github.com/delphix/grub2.git
Found in HEAD commit: 34ea03480cbcacc530f29fed55eb2d7d0de23483
Found in base branch: develop
Vulnerable Source Files (2)
Vulnerability Details
A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability.
Publish Date: 2022-11-21
URL: CVE-2022-4087
CVSS 3 Score Details (2.6)
Base Score Metrics:
The text was updated successfully, but these errors were encountered: