CVE-2019-14865: Privilege Defined With Unsafe Actions in Grub2

Severity
5.9 MEDIUM (NVD)
NVD 3.3
EPSS
0.0% (top 88.79%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 29
Latest update: Feb 6

Description

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Exploitability: 1.5 | Impact: 4.0

Affected Packages (1 package)

debian: debian/grub2

Also affects: Fedora 40, Enterprise Linux 8.0, 9.0

🔴 Vulnerability Details (2)

GHSA
GHSA-3qrv-r8v8-pmw7: A flaw was found in the grub2-set-bootflag utility of grub2 (2024-02-06)
GHSA
GHSA-5c3m-78cg-3wpv: A flaw was found in the grub2-set-bootflag utility of grub2 (2022-05-24)

📋 Vendor Advisories (4)

Red Hat
grub2: grub2-set-bootflag can be abused by local (pseudo-)users (2024-02-06)
Debian
CVE-2024-1048: grub2 - A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CV... (2024)
Red Hat
grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable (2019-11-25)
Debian
CVE-2019-14865: grub2 - A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker co... (2019)

💬 Community (2)

Bugzilla
CVE-2019-14865 grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable [fedora-all] (2019-11-26)
Bugzilla
CVE-2019-14865 grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable (2019-10-24)