| CVE-2022-3775 |
BDSA-2022-3268 |
Low |
Dec 19, 2022 |
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitm
more...
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
less...
|
2.06, 2.04, 2.02, 1.99, 2.00, 0.6.96, 1.98, 1.97.1, 1.97, 1.96
|
| CVE-2022-28736 |
BDSA-2022-1599 |
Low |
Jul 20, 2023 |
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't su
more...
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.
less...
|
2.06, 2.04, 2.02, 2.00
|
| CVE-2022-28735 |
BDSA-2022-1598 |
Low |
Jul 20, 2023 |
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to u
more...
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
less...
|
2.06, 2.04, 2.02, 2.00
|
| CVE-2022-28734 |
BDSA-2022-1597 |
Low |
Jul 20, 2023 |
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer poi
more...
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
less...
|
2.06, 2.04, 2.02, 2.00
|
| CVE-2022-28733 |
BDSA-2022-1596 |
Low |
Jul 20, 2023 |
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function
more...
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
less...
|
2.06, 2.04, 2.02, 2.00
|
| CVE-2022-2601 |
BDSA-2022-3267 |
Low |
Dec 14, 2022 |
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size va
more...
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
less...
|
2.06, 2.04, 2.02, 1.99, 2.00, 0.6.96, 1.98, 1.97.1, 1.97, 1.96
|
| CVE-2021-46705 |
|
Low |
Mar 16, 2022 |
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to trunca
more...
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
less...
|
2.06, 2.04, 2.02, 1.99, 2.00, 0.6.96, 1.98, 1.97.1, 1.97, 1.96
|
| CVE-2021-3981 |
BDSA-2021-4385 |
Low |
Mar 10, 2022 |
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users
more...
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
less...
|
2.06, 2.04, 2.02, 1.99, 2.00, 0.6.96, 1.98, 1.97.1, 1.97, 1.96
|
| CVE-2021-3697 |
BDSA-2022-1595 |
Medium |
Jul 06, 2022 |
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be
more...
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
less...
|
2.06, 2.04, 2.02, 2.00
|
| CVE-2021-3696 |
BDSA-2022-1594 |
Medium |
Jul 06, 2022 |
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Conf
more...
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
less...
|
2.06, 2.04, 2.02, 2.00
|
