ID CVE-2019-14865
Summary A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 17-05-2021 - 14:36)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 1764925
title CVE-2019-14865 grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment grub2-common is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335001
        • comment grub2-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335002
      • AND
        • comment grub2-debugsource is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335003
        • comment grub2-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335004
      • AND
        • comment grub2-efi-aa64 is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335005
        • comment grub2-efi-aa64 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335006
      • AND
        • comment grub2-efi-aa64-cdboot is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335007
        • comment grub2-efi-aa64-cdboot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335008
      • AND
        • comment grub2-efi-aa64-modules is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335009
        • comment grub2-efi-aa64-modules is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335010
      • AND
        • comment grub2-efi-ia32 is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335011
        • comment grub2-efi-ia32 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335012
      • AND
        • comment grub2-efi-ia32-cdboot is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335013
        • comment grub2-efi-ia32-cdboot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335014
      • AND
        • comment grub2-efi-ia32-modules is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335015
        • comment grub2-efi-ia32-modules is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335016
      • AND
        • comment grub2-efi-x64 is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335017
        • comment grub2-efi-x64 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335018
      • AND
        • comment grub2-efi-x64-cdboot is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335019
        • comment grub2-efi-x64-cdboot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335020
      • AND
        • comment grub2-efi-x64-modules is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335021
        • comment grub2-efi-x64-modules is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335022
      • AND
        • comment grub2-pc is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335023
        • comment grub2-pc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335024
      • AND
        • comment grub2-pc-modules is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335025
        • comment grub2-pc-modules is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335026
      • AND
        • comment grub2-ppc64le is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335027
        • comment grub2-ppc64le is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335028
      • AND
        • comment grub2-ppc64le-modules is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335029
        • comment grub2-ppc64le-modules is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335030
      • AND
        • comment grub2-tools is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335031
        • comment grub2-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152401008
      • AND
        • comment grub2-tools-efi is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335033
        • comment grub2-tools-efi is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335034
      • AND
        • comment grub2-tools-extra is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335035
        • comment grub2-tools-extra is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335036
      • AND
        • comment grub2-tools-minimal is earlier than 1:2.02-78.el8_1.1
          oval oval:com.redhat.rhsa:tst:20200335037
        • comment grub2-tools-minimal is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200335038
rhsa
id RHSA-2020:0335
released 2020-02-04
severity Moderate
title RHSA-2020:0335: grub2 security update (Moderate)
rpms
  • grub2-common-1:2.02-78.el8_1.1
  • grub2-debuginfo-1:2.02-78.el8_1.1
  • grub2-debugsource-1:2.02-78.el8_1.1
  • grub2-efi-aa64-1:2.02-78.el8_1.1
  • grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1
  • grub2-efi-aa64-modules-1:2.02-78.el8_1.1
  • grub2-efi-ia32-1:2.02-78.el8_1.1
  • grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1
  • grub2-efi-ia32-modules-1:2.02-78.el8_1.1
  • grub2-efi-x64-1:2.02-78.el8_1.1
  • grub2-efi-x64-cdboot-1:2.02-78.el8_1.1
  • grub2-efi-x64-modules-1:2.02-78.el8_1.1
  • grub2-pc-1:2.02-78.el8_1.1
  • grub2-pc-modules-1:2.02-78.el8_1.1
  • grub2-ppc64le-1:2.02-78.el8_1.1
  • grub2-ppc64le-modules-1:2.02-78.el8_1.1
  • grub2-tools-1:2.02-78.el8_1.1
  • grub2-tools-debuginfo-1:2.02-78.el8_1.1
  • grub2-tools-efi-1:2.02-78.el8_1.1
  • grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1
  • grub2-tools-extra-1:2.02-78.el8_1.1
  • grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1
  • grub2-tools-minimal-1:2.02-78.el8_1.1
  • grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865
misc https://seclists.org/oss-sec/2019/q4/101
Last major update 17-05-2021 - 14:36
Published 29-11-2019 - 10:15
Last modified 17-05-2021 - 14:36