CVE-2024-1048 - Incomplete Cleanup in Fedora

Severity
NVD: 3.3 LOW
CNA: 5.9
EPSS: 0.0% (top 98.94%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 6
Latest update: Oct 21

Description

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.8 | Impact: 1.4

Affected Packages: 0 packages

Also affects: Fedora 40, Enterprise Linux 8.0, 9.0

Vulnerability Details (2)

CVEList: Grub2: grub2-set-bootflag can be abused by local (pseudo-)users (2024-02-06)
GHSA: GHSA-3qrv-r8v8-pmw7: A flaw was found in the grub2-set-bootflag utility of grub2 (2024-02-06)

Vendor Advisories (3)

Red Hat: kernel: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (2024-10-21)
Red Hat: grub2: grub2-set-bootflag can be abused by local (pseudo-)users (2024-02-06)
Debian: CVE-2024-1048: grub2 - A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CV... (2024)