Debian Grub2 vulnerabilities

CVE-2020-14311 [MEDIUM] CVE-2020-14311: grub2 - There is an issue with grub2 before version 2.06 while handling symlink on ext f... There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 2.04-9) bullseye: resolved (fixed in 2.04-9)

CVE-2020-15706 [MEDIUM] CVE-2020-15706: grub2 - GRUB2 contains a race condition in grub_script_function_create() leading to a us... GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. Scope: local bookworm: resolved (fix

CVE-2020-15705 [MEDIUM] CVE-2020-15705: grub2 - GRUB2 fails to validate kernel signature when booted directly without shim, allo... GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. Scope: local b

CVE-2019-14865 [MEDIUM] CVE-2019-14865: grub2 - A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker co... A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-9763 [HIGH] CVE-2017-9763: grub2 - The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as... The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array. Scope: local bookworm: resolved (fixed in 2.02~beta2-8) bullseye: resolved

CVE-2015-8370 [HIGH] CVE-2015-8370: grub2 - Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximat... Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or

CVE-2015-5281 [LOW] CVE-2015-5281: grub2 - The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when us... The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verifie

CVE-2013-4577 [LOW] CVE-2013-4577: grub2 - A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg... A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file. Scope: local bookworm: resolved (fixed in 2.00-20) bullseye: resolved (fixed in 2.00-20) forky: resolved (fixed in 2.00-20) sid: resolved (fixed in 2.00-20) trixie: reso

CVE-2009-4128 [HIGH] CVE-2009-4128: grub - GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion o... GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. Scope: local bookworm: resolved bullseye: resolved trixie: resolved