rpm package
suse/grub2&distro=SUSE Enterprise Storage 7.1
pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%207.1
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45774 | Med | 6.7 | < 2.04-150300.22.52.3 | 2.04-150300.22.52.3 | Feb 18, 2025 | A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not | |
| CVE-2024-56737 | — | < 2.04-150300.22.52.3 | 2.04-150300.22.52.3 | Dec 29, 2024 | GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. | ||
| CVE-2023-4692 | — | < 2.04-150300.22.43.1 | 2.04-150300.22.43.1 | Oct 25, 2023 | An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap me | ||
| CVE-2023-4693 | — | < 2.04-150300.22.43.1 | 2.04-150300.22.43.1 | Oct 25, 2023 | An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI v |
- affected < 2.04-150300.22.52.3fixed 2.04-150300.22.52.3
A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not
- CVE-2024-56737Dec 29, 2024affected < 2.04-150300.22.52.3fixed 2.04-150300.22.52.3
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
- CVE-2023-4692Oct 25, 2023affected < 2.04-150300.22.43.1fixed 2.04-150300.22.43.1
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap me
- CVE-2023-4693Oct 25, 2023affected < 2.04-150300.22.43.1fixed 2.04-150300.22.43.1
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI v
Page 2 of 2