Описание
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
Отчет
This vulnerability has been rated as having a Moderate severity by the Red Hat Product Security Team. This classification is due to the needs of an attacker to have local access to the machine. Additionally the most likely outcome for a successful attack is leading grub to crash, resulting in a Denial of Service.
Меры по смягчению последствий
There's no known mitigation available for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | grub2 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | grub2 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | grub2 | Fix deferred | ||
| Red Hat Enterprise Linux 9 | grub2 | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Статус:
4.9 Medium
CVSS3
Связанные уязвимости
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
A use-after-free vulnerability has been identified in the GNU GRUB (Gr ...
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
4.9 Medium
CVSS3