DSA-4867-1 grub2 -- grub2ID: oval:org.secpod.oval:def:605458 | Date: (C)2021-03-03 (M)2023-11-13 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the GRUB2 bootloader. CVE-2020-14372 It was discovered that the acpi command allows a privileged user to load crafted ACPI tables when Secure Boot is enabled. CVE-2020-25632 A use-after-free vulnerability was found in the rmmod command. CVE-2020-25647 An out-of-bound write vulnerability was found in the grub_usb_device_initialize function, which is called to handle USB device initialization. CVE-2020-27749 A stack buffer overflow flaw was found in grub_parser_split_cmdline. CVE-2020-27779 It was discovered that the cutmem command allows a privileged user to remove memory regions when Secure Boot is enabled. CVE-2021-20225 A heap out-of-bounds write vulnerability was found in the short form option parser. CVE-2021-20233 A heap out-of-bound write flaw was found caused by mis-calculation of space required for quoting in the menu rendering. Further detailed information can be found at https://www.debian.org/security/2021-GRUB-UEFI-SecureBoot
Product: |
grub-firmware-qemu |
grub-ieee1275 |
grub-common |
grub2 |
grub-pc |
grub-emu |
grub-yeeloong |
grub-linuxbios |
grub-xen |
grub-uboot |
grub-coreboot |
grub-rescue-pc |
grub-mount-udeb |
grub-theme-starfield |
grub-efi |