Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2021:0699: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es):

  • grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)
  • grub2: Use-after-free in rmmod command (CVE-2020-25632)
  • grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)
  • grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)
  • grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)
  • grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)
  • grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
  • CVE-2020-14372: grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
  • CVE-2020-25632: grub2: Use-after-free in rmmod command
  • CVE-2020-25647: grub2: Out-of-bounds write in grub_usb_device_initialize()
  • CVE-2020-27749: grub2: Stack buffer overflow in grub_parser_split_cmdline()
  • CVE-2020-27779: grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled
  • CVE-2021-20225: grub2: Heap out-of-bounds write in short form option parser
  • CVE-2021-20233: grub2: Heap out-of-bounds write due to miscalculation of space required for quoting
Red Hat Security Data
Open in Source
#vulnerability#linux#red_hat

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data