Search CVE reports
11 – 20 of 57 results
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function....
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered...
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's...
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing...
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation...
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may...
3 affected packages
grub2, grub2-unsigned, grub2-signed
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2-signed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |