Grub2

CVEs (3)

CVE	Vendor / Product	CVSS	Published	Description
CVE-2021-3418	Grub Grub2	—	Mar 15, 2021	If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw…
CVE-2020-14311	Grub Grub2	—	Jul 31, 2020	There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2020-14310	Grub Grub	—	Jul 31, 2020	There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage…

CVE-2021-3418Mar 15, 2021
Grub
Grub2
risk 0.00cvss —epss 0.00
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw…
CVE-2020-14311Jul 31, 2020
Grub
Grub2
risk 0.00cvss —epss 0.00
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2020-14310Jul 31, 2020
Grub
Grub
risk 0.00cvss —epss 0.00
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage…