Debian Grub2 vulnerabilities
69 known vulnerabilities affecting debian/grub2.
Total CVEs: 69
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 20, MEDIUM 36, LOW 13
Vulnerabilities
CVE-2024-45775 | MEDIUM | CVSS 5.2 | fixed in grub2 2.12-6 (forky) | 2024
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for grub's argument list. However, it fails to check whether the memory allocation failed. Once the allocation fails, a NULL pointer will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT d

CVE-2024-56738 | MEDIUM | CVSS 5.3 | 2024
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2024-45777 | MEDIUM | CVSS 6.7 | fixed in grub2 2.12-6 (forky) | 2024
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
Scope: local
bookworm: open

CVE-2024-45778 | MEDIUM | CVSS 4.1 | fixed in grub2 2.12-6 (forky) | 2024
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.12-6)
sid: resolved (fixed in 2.12-6)
trixie: resolved (fixed in 2.12-6)

CVE-2024-45780 | MEDIUM | CVSS 6.7 | fixed in grub2 2.12-6 (forky) | 2024
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent

CVE-2024-45783 | MEDIUM | CVSS 4.4 | fixed in grub2 2.12-6 (forky) | 2024
A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.12-6)
sid: resolved (fixed in 2.12-6)
trixie: resolved (fixed in 2.12-6)

CVE-2024-45774 | MEDIUM | CVSS 6.7 | fixed in grub2 2.12-6 (forky) | 2024
A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.12-6)

CVE-2024-45779 | MEDIUM | CVSS 6.0 | fixed in grub2 2.12-6 (forky) | 2024
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap out-of-bounds read. As a consequence, sensitive data may be leaked, or g

CVE-2024-45776 | MEDIUM | CVSS 6.7 | fixed in grub2 2.12-6 (forky) | 2024
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot prote

CVE-2024-45781 | MEDIUM | CVSS 6.7 | fixed in grub2 2.12-6 (forky) | 2024
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
Scope: local
bookworm: open
bullseye: open
forky: res

CVE-2024-1048 | LOW | CVSS 5.9 | 2024
CVE-2024-1048 [MEDIUM] CVE-2024-1048: grub2 - A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CV...
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resul

CVE-2024-49504 | LOW | CVSS 7.0 | 2024
CVE-2024-49504 [HIGH] CVE-2024-49504: grub2 - grub2 allowed attackers with access to the grub shell to access files on the enc...
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2024-2312 | LOW | CVSS 6.7 | fixed in grub2 2.12-2 (forky) | 2024
CVE-2024-2312 [MEDIUM] CVE-2024-2312: grub2 - GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu'...
GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This leads to a use-after-free condition, and could possibly lead to secure boot bypass.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 2.12-2)
sid: resolved (fixed in 2.12-2)
trixie: resolved (

CVE-2023-4692 | HIGH | CVSS 7.5 | fixed in grub2 2.06-13+deb12u1 (bookworm) | 2023
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achie

CVE-2023-4693 | MEDIUM | CVSS 5.3 | fixed in grub2 2.06-13+deb12u1 (bookworm) | 2023
An out-of-bounds read flaw was found in grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
Scope: local
bookworm

CVE-2023-4001 | LOW | CVSS 6.8 | 2023
CVE-2023-4001 [MEDIUM] CVE-2023-4001: grub2 - An authentication bypass flaw was found in GRUB due to the way that GRUB uses th...
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system)

CVE-2022-3775 | HIGH | CVSS 7.1 | fixed in grub2 2.06-5 (bookworm) | 2022
When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the given glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not

CVE-2022-28733 | HIGH | CVSS 8.1 | fixed in grub2 2.06-3 (bookworm) | 2022
Integer underflow in grub_net_recv_ip4_packets: a maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such a way, subsequent opera

CVE-2022-28734 | HIGH | CVSS 8.1 | fixed in grub2 2.06-3 (bookworm) | 2022
Out-of-bounds write when handling split HTTP headers: when handling split HTTP headers, the GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write later when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of

CVE-2022-2601 | HIGH | CVSS 8.6 | fixed in grub2 2.06-5 (bookworm) | 2022
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph. This further leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Sco