Grub

All CVEs

44 total · sorted by risk
  • CVE-2022-2601 · High · Dec 14, 2022
    risk 0.56 · cvss 8.6 · epss 0.01

    A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph; this further leads to a buffer overflow and a heap based…

  • CVE-2022-28734 · High · Jul 20, 2023
    risk 0.53 · cvss 8.1 · epss 0.01

    Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write further when parsing the HTTP request, writing a NULL byte past the…

  • CVE-2021-20233 · High · Mar 3, 2021
    risk 0.53 · cvss 8.2 · epss 0.01

    A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to…

  • CVE-2020-25632 · High · Mar 3, 2021
    risk 0.53 · cvss 8.2 · epss 0.01

    A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed…

  • CVE-2025-61662 · High · Nov 18, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command,…

  • CVE-2025-0624 · High · Feb 19, 2025
    risk 0.49 · cvss 7.6 · epss 0.01

    A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the…

  • CVE-2020-27779 · High · Mar 3, 2021
    risk 0.49 · cvss 7.5 · epss 0.00

    A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory…

  • CVE-2015-8370 · High · Dec 16, 2015
    risk 0.48 · cvss 7.4 · epss 0.01

    Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in…

  • CVE-2024-49504 · High · Nov 13, 2024
    risk 0.46 · cvss - · epss 0.00

    grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.

  • CVE-2022-3775 · High · Dec 19, 2022
    risk 0.46 · cvss 7.1 · epss 0.01

    When rendering certain unicode sequences, grub2's font code doesn't properly validate whether the given glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to…

  • CVE-2021-3697 · High · Jul 6, 2022
    risk 0.46 · cvss 7.0 · epss 0.00

    A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For a successful attack, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and…

  • CVE-2024-45776 · Medium · Feb 18, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to…

  • CVE-2022-28735 · Medium · Jul 20, 2023
    risk 0.44 · cvss 6.7 · epss 0.00

    GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust-chain.

  • CVE-2021-20225 · Medium · Mar 3, 2021
    risk 0.44 · cvss 6.7 · epss 0.01

    A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data…

  • CVE-2020-27749 · Medium · Mar 3, 2021
    risk 0.44 · cvss 6.7 · epss 0.01

    A flaw was found in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a…

  • CVE-2020-14309 · Medium · Jul 30, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer…

  • CVE-2025-0677 · Medium · Feb 19, 2025
    risk 0.42 · cvss 6.4 · epss 0.00

    A flaw was found in grub2. When performing a symlink lookup, grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content; however, it fails to check if the symlink data size has overflowed. When this occurs, grub_malloc() may be…

  • CVE-2025-0622 · Medium · Feb 18, 2025
    risk 0.42 · cvss 6.4 · epss 0.00

    A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks after the module that registered them has been unloaded, leading to a use-after-free…

  • CVE-2022-28736 · Medium · Jul 20, 2023
    risk 0.42 · cvss 6.4 · epss 0.00

    There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free…

  • CVE-2021-3418 · Medium · Mar 15, 2021
    risk 0.42 · cvss 6.4 · epss 0.00

    If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered with. This flaw…

  • CVE-2020-14308 · Medium · Jul 29, 2020
    risk 0.42 · cvss 6.4 · epss 0.00

    In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and…

  • CVE-2020-15706 · Medium · Jul 29, 2020
    risk 0.42 · cvss 6.4 · epss 0.01

    GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This…

  • CVE-2020-15705 · Medium · Jul 29, 2020
    risk 0.42 · cvss 6.4 · epss 0.01

    GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without…

  • CVE-2025-0690 · Medium · Feb 24, 2025
    risk 0.40 · cvss 6.1 · epss 0.01

    The read command is used to read keyboard input from the user. While reading, it keeps the input length in a 32-bit integer value, which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make…

  • CVE-2025-4382 · Medium · May 9, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can…

  • CVE-2019-14865 · Medium · Nov 29, 2019
    risk 0.38 · cvss 5.9 · epss 0.00

    A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

  • CVE-2020-14311 · Medium · Jul 31, 2020
    risk 0.37 · cvss 5.7 · epss 0.00

    There is an issue with grub2 before version 2.06 while handling symlinks on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

  • CVE-2020-14310 · Medium · Jul 31, 2020
    risk 0.37 · cvss 5.7 · epss 0.00

    There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes in length but doesn't verify this before proceeding with buffer allocation to read the value from the font value. An attacker may leverage…

  • CVE-2020-15707 · Medium · Jul 29, 2020
    risk 0.37 · cvss 5.7 · epss 0.02

    Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be…

  • CVE-2024-45775 · Medium · Feb 18, 2025
    risk 0.34 · cvss 5.2 · epss 0.00

    A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for grub's argument list. However, it fails to check whether the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the…

  • CVE-2025-61663 · Medium · Nov 18, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can…

  • CVE-2024-45783 · Medium · Feb 18, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.

  • CVE-2021-3696 · Medium · Jul 6, 2022
    risk 0.29 · cvss 4.5 · epss 0.00

    A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it's very complex for an attacker to control the encoding and…

  • CVE-2021-3695 · Medium · Jul 6, 2022
    risk 0.29 · cvss 4.5 · epss 0.00

    A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be…

  • CVE-2024-1048 · Low · Feb 6, 2024
    risk 0.21 · cvss 3.3 · epss 0.00

    A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the…

  • CVE-2021-3981 · Low · Mar 10, 2022
    risk 0.21 · cvss 3.3 · epss 0.00

    A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted…

  • CVE-2025-0686 · Mar 3, 2025
    risk 0.00 · cvss - · epss 0.00

    A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A…

  • CVE-2025-0684 · Mar 3, 2025
    risk 0.00 · cvss - · epss 0.00

    A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A maliciously…

  • CVE-2025-0678 · Mar 3, 2025
    risk 0.00 · cvss - · epss 0.00

    A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted…

  • CVE-2024-45778 · Mar 3, 2025
    risk 0.00 · cvss - · epss 0.00

    A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

  • CVE-2024-45779 · Mar 3, 2025
    risk 0.00 · cvss - · epss 0.00

    An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file…

  • CVE-2024-45780 · Mar 3, 2025
    risk 0.00 · cvss - · epss 0.00

    A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file,…

  • CVE-2025-1125 · Mar 3, 2025
    risk 0.00 · cvss - · epss 0.00

    When reading data from an hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffer size; however, it fails to properly check for integer overflows. A maliciously crafted filesystem may lead some of…

  • CVE-2024-45777 · Feb 19, 2025
    risk 0.00 · cvss - · epss 0.00

    A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data,…