Количество 15
Количество 15
CVE-2025-0624
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
CVE-2025-0624
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
CVE-2025-0624
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
CVE-2025-0624
CVE-2025-0624
A flaw was found in grub2. During the network boot process, when tryin ...
GHSA-q3rr-g46f-jgqr
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
ELSA-2025-3396
ELSA-2025-3396: grub2 security update (IMPORTANT)
ELSA-2025-3367
ELSA-2025-3367: grub2 security update (IMPORTANT)
ELSA-2025-2867
ELSA-2025-2867: grub2 security update (IMPORTANT)
BDU:2025-02685
Уязвимость функции grub_net_search_config_file загрузчика операционных систем Grub2, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2025:0629-1
Security update for grub2
SUSE-SU-2025:0607-1
Security update for grub2
SUSE-SU-2025:0588-1
Security update for grub2
SUSE-SU-2025:0587-1
Security update for grub2
SUSE-SU-2025:0586-1
Security update for grub2
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-0624 A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections. | CVSS3: 7.6 | 1% Низкий | 6 месяцев назад |
 | CVE-2025-0624 A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections. | CVSS3: 7.6 | 1% Низкий | 6 месяцев назад |
 | CVE-2025-0624 A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections. | CVSS3: 7.6 | 1% Низкий | 6 месяцев назад |
 | CVSS3: 7.6 | 1% Низкий | 29 дней назад | |
| CVE-2025-0624 A flaw was found in grub2. During the network boot process, when tryin ... | CVSS3: 7.6 | 1% Низкий | 6 месяцев назад |
| GHSA-q3rr-g46f-jgqr A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections. | CVSS3: 7.6 | 1% Низкий | 6 месяцев назад |
| ELSA-2025-3396 ELSA-2025-3396: grub2 security update (IMPORTANT) | 4 месяца назад | ||
| ELSA-2025-3367 ELSA-2025-3367: grub2 security update (IMPORTANT) | 4 месяца назад | ||
| ELSA-2025-2867 ELSA-2025-2867: grub2 security update (IMPORTANT) | 5 месяцев назад | ||
 | BDU:2025-02685 Уязвимость функции grub_net_search_config_file загрузчика операционных систем Grub2, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 1% Низкий | 6 месяцев назад |
 | SUSE-SU-2025:0629-1 Security update for grub2 | 6 месяцев назад | ||
| SUSE-SU-2025:0607-1 Security update for grub2 | 6 месяцев назад | ||
| SUSE-SU-2025:0588-1 Security update for grub2 | 6 месяцев назад | ||
| SUSE-SU-2025:0587-1 Security update for grub2 | 6 месяцев назад | ||
| SUSE-SU-2025:0586-1 Security update for grub2 | 6 месяцев назад |
Уязвимостей на страницу