Описание
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | does not affect Secure Boot |
| esm-infra-legacy/trusty | ignored | update incompatible with kernel |
| esm-infra/bionic | not-affected | does not affect Secure Boot |
| esm-infra/focal | not-affected | does not affect Secure Boot |
| esm-infra/xenial | not-affected | does not affect Secure Boot |
| focal | not-affected | does not affect Secure Boot |
| jammy | not-affected | does not affect Secure Boot |
| noble | not-affected | does not affect Secure Boot |
| oracular | not-affected | does not affect Secure Boot |
| plucky | not-affected | does not affect Secure Boot |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-infra-legacy/trusty | ignored | update incompatible with kernel |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| noble | needs-triage | |
| oracular | ignored | end of life, was needs-triage |
| plucky | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| noble | needs-triage | |
| oracular | ignored | end of life, was needs-triage |
| plucky | needs-triage | |
| questing | needs-triage |
Показывать по
Ссылки на источники
EPSS
6.7 Medium
CVSS3
Связанные уязвимости
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
A flaw was found in grub2. When reading a symbolic link's name from a ...
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
EPSS
6.7 Medium
CVSS3