Описание
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | does not affect Secure Boot |
| esm-infra-legacy/trusty | ignored | update incompatible with kernel |
| esm-infra/bionic | not-affected | does not affect Secure Boot |
| esm-infra/focal | not-affected | does not affect Secure Boot |
| esm-infra/xenial | not-affected | does not affect Secure Boot |
| focal | not-affected | does not affect Secure Boot |
| jammy | not-affected | does not affect Secure Boot |
| noble | not-affected | does not affect Secure Boot |
| oracular | not-affected | does not affect Secure Boot |
| plucky | not-affected | does not affect Secure Boot |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-infra-legacy/trusty | ignored | update incompatible with kernel |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| noble | needs-triage | |
| oracular | ignored | end of life, was needs-triage |
| plucky | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| noble | needs-triage | |
| oracular | ignored | end of life, was needs-triage |
| plucky | needs-triage | |
| questing | needs-triage |
Показывать по
Ссылки на источники
EPSS
6.7 Medium
CVSS3
Связанные уязвимости
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
Grub2: grub-core/gettext: integer overflow leads to heap oob write.
A flaw was found in grub2. The calculation of the translation buffer w ...
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
EPSS
6.7 Medium
CVSS3