Denial of service in grub



| Updated: 2024-09-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-14865
CWE-ID CWE-267
Exploitation vector Local
Public exploit N/A
Vulnerable software
 grub
Universal components / Libraries / Libraries used by multiple products

Vendor GNU

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Privilege Defined With Unsafe Actions

EUVDB-ID: #VU97100

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14865

CWE-ID: CWE-267 - Privilege Defined With Unsafe Actions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the grub2-set-bootflag utility. A local user can run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub: 2.00

CPE2.3 External links

http://seclists.org/oss-sec/2019/q4/101
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865
http://access.redhat.com/errata/RHSA-2020:0335
http://www.openwall.com/lists/oss-security/2024/02/06/3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###