Search CVE reports
11 – 20 of 34 results
CVE-2022-28733
Medium prioritySome fixes available 6 of 12
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | Not affected | Fixed | Fixed | Fixed | Vulnerable |
| grub2-unsigned | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2022-3775
Medium prioritySome fixes available 7 of 12
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
| grub2-unsigned | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2022-2601
Medium prioritySome fixes available 6 of 12
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | Not affected | Fixed | Fixed | Fixed | Vulnerable |
| grub2-unsigned | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2021-3697
Medium prioritySome fixes available 6 of 12
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | Not affected | Fixed | Fixed | Fixed | Vulnerable |
| grub2-unsigned | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2021-3696
Medium prioritySome fixes available 6 of 12
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | Not affected | Fixed | Fixed | Fixed | Vulnerable |
| grub2-unsigned | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2021-3695
Medium prioritySome fixes available 6 of 12
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | Not affected | Fixed | Fixed | Fixed | Vulnerable |
| grub2-unsigned | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2021-3981
Low prioritySome fixes available 4 of 15
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| grub2-unsigned | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2021-3418
Medium priorityIf certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | — | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | — | Not affected | Not affected | Not affected | Not affected |
| grub2-unsigned | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-20233
Medium prioritySome fixes available 12 of 13
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | Not affected | Not affected | Fixed | Fixed | Fixed |
| grub2-unsigned | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2021-20225
Medium prioritySome fixes available 12 of 13
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The...
3 affected packages
grub2, grub2-signed, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| grub2-signed | Not affected | Not affected | Fixed | Fixed | Fixed |
| grub2-unsigned | Not affected | Not affected | Fixed | Fixed | Fixed |