|Description||GNU GRand Unified Bootloader (2)|
|CVE-2022-28737||AVG-2762||Medium||No||Arbitrary code execution||
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account...
|CVE-2022-28736||AVG-2762||Medium||No||Arbitrary code execution||
There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot up operating systems that don't support...
GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to...
When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bound write...
|CVE-2022-28733||AVG-2762||High||Yes||Arbitrary code execution||
A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances...
|CVE-2021-3697||AVG-2762||High||No||Arbitrary code execution||
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. To be successfully...
|CVE-2021-3696||AVG-2762||Medium||No||Arbitrary code execution||
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space....
|CVE-2021-3695||AVG-2762||High||No||Arbitrary code execution||
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data...
|CVE-2021-20233||AVG-1629||Medium||No||Arbitrary code execution||
There's a flaw in setparam_prefix() in the GRUB2 menu rendering code. It performs a length calculation under the assumption that...
|CVE-2021-20225||AVG-1629||Medium||No||Arbitrary code execution||
The option parser in GRUB2 allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific...
GRUB2 upstream reintroduced CVE-2020-15705. This refers to a distro-specific flaw which upstream introduced in Grub 2.05. If certificates that signed...
|CVE-2020-27779||AVG-1629||Medium||No||Access restriction bypass||
GRUB2's cutmem command does not honor Secure Boot locking. This allows a privileged attacker to remove address ranges from memory creating an...
|CVE-2020-27749||AVG-1629||Medium||No||Arbitrary code execution||
grub_parser_split_cmdline() expands variable names present in the supplied command line into their corresponding variable contents and uses a 1kB stack...
|CVE-2020-25647||AVG-1629||Medium||No||Arbitrary code execution||
grub_usb_device_initialize() is called to handle USB device initialization. It reads out the descriptors it needs from the USB device and uses that data to...
|CVE-2020-25632||AVG-1629||Medium||No||Arbitrary code execution||
The rmmod implementation for grub2 is flawed, allowing an attacker to unload a module used as a dependency without checking if any other dependent module is...
|CVE-2020-14372||AVG-1629||Medium||No||Arbitrary code execution||
GRUB2 enables the use of the command acpi even when secure boot is signaled by the firmware. An attacker with local root privileges can drop a small SSDT in...
|15 Jun 2021||ASA-202106-43||AVG-1629||Medium||multiple issues|