rpm package
almalinux/grub2-pc
pkg:rpm/almalinux/grub2-pc
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61662 | Hig | 7.8 | | < 1:2.02-170.el8_10.1.alma.1 | 1:2.02-170.el8_10.1.alma.1 | Nov 18, 2025 | A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, caus |
| CVE-2025-0690 | Med | 6.1 | | < 1:2.06-104.el9_6.alma.1 | 1:2.06-104.el9_6.alma.1 | Feb 24, 2025 | The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make t |
| CVE-2025-0677 | Med | 6.4 | | < 1:2.06-104.el9_6.alma.1 | 1:2.06-104.el9_6.alma.1 | Feb 19, 2025 | A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be call |
| CVE-2025-0624 | Hig | 7.6 | | < 1:2.06-94.el9_5.alma.1 | 1:2.06-94.el9_5.alma.1 | Feb 19, 2025 | A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environm |
| CVE-2024-45777 | — | | | < 1:2.06-114.el9_7.alma.1 | 1:2.06-114.el9_7.alma.1 | Feb 19, 2025 | A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventua |
| CVE-2025-0622 | Med | 6.4 | | < 1:2.06-104.el9_6.alma.1 | 1:2.06-104.el9_6.alma.1 | Feb 18, 2025 | A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vuln |
| CVE-2024-45783 | Med | 4.4 | | < 1:2.06-104.el9_6.alma.1 | 1:2.06-104.el9_6.alma.1 | Feb 18, 2025 | A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access. |
| CVE-2024-45781 | Med | 6.7 | | < 1:2.06-104.el9_6.alma.1 | 1:2.06-104.el9_6.alma.1 | Feb 18, 2025 | A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to c |
| CVE-2024-45776 | Med | 6.7 | | < 1:2.06-104.el9_6.alma.1 | 1:2.06-104.el9_6.alma.1 | Feb 18, 2025 | When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to |
| CVE-2024-45775 | Med | 5.2 | | < 1:2.06-104.el9_6.alma.1 | 1:2.06-104.el9_6.alma.1 | Feb 18, 2025 | A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the pars |
| CVE-2024-45774 | Med | 6.7 | | < 1:2.06-104.el9_6.alma.1 | 1:2.06-104.el9_6.alma.1 | Feb 18, 2025 | A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not |
| CVE-2024-1048 | — | | | < 1:2.06-77.el9.alma.1 | 1:2.06-77.el9.alma.1 | Feb 6, 2024 | A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the tempora |
| CVE-2023-4001 | — | | | < 1:2.06-70.el9_3.2.alma.1 | 1:2.06-70.el9_3.2.alma.1 | Jan 15, 2024 | An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick |
| CVE-2023-4692 | — | | | < 1:2.06-77.el9.alma.1 | 1:2.06-77.el9.alma.1 | Oct 25, 2023 | An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap me |
| CVE-2023-4693 | — | | | < 1:2.06-77.el9.alma.1 | 1:2.06-77.el9.alma.1 | Oct 25, 2023 | An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI v |
| CVE-2022-28737 | — | | | < 1:2.02-123.el8_6.8.alma | 1:2.02-123.el8_6.8.alma | Jul 20, 2023 | There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memo |
| CVE-2022-28736 | — | | | < 1:2.02-123.el8_6.8.alma | 1:2.02-123.el8_6.8.alma | Jul 20, 2023 | There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerabili |
| CVE-2022-28735 | — | | | < 1:2.02-123.el8_6.8.alma | 1:2.02-123.el8_6.8.alma | Jul 20, 2023 | The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. |
| CVE-2022-28734 | — | | | < 1:2.02-123.el8_6.8.alma | 1:2.02-123.el8_6.8.alma | Jul 20, 2023 | Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buf |
| CVE-2022-28733 | — | | | < 1:2.02-123.el8_6.8.alma | 1:2.02-123.el8_6.8.alma | Jul 20, 2023 | Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number whi |
Page 1 of 2