Debian Grub vulnerabilities
3 known vulnerabilities affecting debian/grub.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
LOW: 3
Vulnerabilities
CVE-2023-4949 | LOW | CVSS 8.1 | 2023
CVE-2023-4949 [HIGH] CVE-2023-4949: grub - An attacker with local access to a system (either through a disk or external dri...
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
Scope: local
bookworm: open
bullseye: open
trixie: open
CVE-2009-4128 | LOW | CVSS 7.2 | fixed in grub2 1.97+20091115-1 (bookworm) | 2009
CVE-2009-4128 [HIGH] CVE-2009-4128: grub - GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion o...
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
Scope: local
bookworm: resolved
bullseye: resolved
trixie: resolved
CVE-2008-3896 | LOW | CVSS 2.1 | 2008
CVE-2008-3896 [LOW] CVE-2008-3896: grub - Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIO...
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Scope: local
bookworm: open
bullseye: open
trixie: open