VYPR
Vendor: Grub

Products: 3
CVEs: 43
Across products: 45
Status: Private

Recent CVEs

  • CVE-2022-2601 | High | Dec 14, 2022
    risk 0.56 | cvss 8.6 | epss 0.01

    A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller-than-needed buffer for the glyph; this further leads to a buffer overflow and a heap based…

  • CVE-2022-28734 | High | Jul 20, 2023
    risk 0.53 | cvss 8.1 | epss 0.01

    Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, the GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write later when parsing the HTTP request, writing a NULL byte past the…

  • CVE-2021-20233 | High | Mar 3, 2021
    risk 0.53 | cvss 8.2 | epss 0.01

    A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters, which allows an attacker to…

  • CVE-2020-25632 | High | Mar 3, 2021
    risk 0.53 | cvss 8.2 | epss 0.01

    A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded, leading to a use-after-free scenario. This could allow arbitrary code to be executed…

  • CVE-2025-61662 | High | Nov 18, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command,…

  • CVE-2025-0624 | High | Feb 19, 2025
    risk 0.49 | cvss 7.6 | epss 0.01

    A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the…

  • CVE-2015-8370 | High | Dec 16, 2015
    risk 0.48 | cvss 7.4 | epss 0.01

    Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in…

  • CVE-2024-49504 | High | Nov 13, 2024
    risk 0.46 | cvss (not given) | epss 0.00

    grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.

  • CVE-2022-3775 | High | Dec 19, 2022
    risk 0.46 | cvss 7.1 | epss 0.01

    When rendering certain unicode sequences, grub2's font code doesn't properly validate whether the given glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to…

  • CVE-2021-3697 | High | Jul 6, 2022
    risk 0.46 | cvss 7.0 | epss 0.00

    A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For an attack to be successful, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and…

  • CVE-2024-45776 | Medium | Feb 18, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bounds reads and writes. This flaw allows an attacker to…

  • CVE-2022-28735 | Medium | Jul 20, 2023
    risk 0.44 | cvss 6.7 | epss 0.00

    GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain.

  • CVE-2021-20225 | Medium | Mar 3, 2021
    risk 0.44 | cvss 6.7 | epss 0.01

    A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data…

  • CVE-2020-27749 | Medium | Mar 3, 2021
    risk 0.44 | cvss 6.7 | epss 0.01

    A flaw was found in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a…

  • CVE-2020-14309 | Medium | Jul 30, 2020
    risk 0.44 | cvss 6.7 | epss 0.00

    There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer…

  • CVE-2025-0677 | Medium | Feb 19, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    A flaw was found in grub2. When performing a symlink lookup, grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content; however, it fails to check if the symlink data size has overflowed. When this occurs, grub_malloc() may be…

  • CVE-2025-0622 | Medium | Feb 18, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks after the module that registered them has been unloaded, leading to a use-after-free…

  • CVE-2022-28736 | Medium | Jul 20, 2023
    risk 0.42 | cvss 6.4 | epss 0.00

    There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free…

  • CVE-2021-3418 | Medium | Mar 15, 2021
    risk 0.42 | cvss 6.4 | epss 0.00

    If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered with. This flaw…

  • CVE-2020-14308 | Medium | Jul 29, 2020
    risk 0.42 | cvss 6.4 | epss 0.00

    In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and…