CVE-2015-8370 : Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximat

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

Published 2015-12-16 21:59:04

Updated 2024-10-21 17:35:14

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-8370

GNU » Grub2 » Version: 1.98
cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*
Matching versions
GNU » Grub2 » Version: 1.99
cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*
Matching versions
GNU » Grub2 » Version: 2.00
cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*
Matching versions
GNU » Grub2 » Version: 2.01
cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*
Matching versions
GNU » Grub2 » Version: 2.02
cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 23
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-8370

EPSS FAQ

2.77%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-8370

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.4	HIGH	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	1.4	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-10-21
Attack Vector: Local Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-8370

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-8370

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Oracle Critical Patch Update - January 2016
Patch

CVEs referencing this url
http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html

Grub2 Authentication Bypass ≈ Packet Storm
http://rhn.redhat.com/errata/RHSA-2015-2623.html

RHSA-2015:2623 - Security Advisory - Red Hat Customer Portal
http://www.securityfocus.com/bid/79358

GNU GRUB2 CVE-2015-8370 Multiple Local Authentication Bypass Vulnerabilities
http://www.ubuntu.com/usn/USN-2836-1

USN-2836-1: GRUB vulnerability | Ubuntu security notices
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html

[SECURITY] Fedora 23 Update: grub2-2.02-0.25.fc23
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html

[security-announce] SUSE-SU-2015:2387-1: important: Security update for
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html

[security-announce] SUSE-SU-2015:2386-1: important: Security update for
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html

[security-announce] openSUSE-SU-2015:2392-1: important: Security update
http://www.debian.org/security/2015/dsa-3421

Debian -- Security Information -- DSA-3421-1 grub2
https://security.gentoo.org/glsa/201512-03

GRUB: Authentication bypass (GLSA 201512-03) — Gentoo security
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html

[security-announce] SUSE-SU-2015:2399-1: important: Security update for
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html

[security-announce] openSUSE-SU-2015:2375-1: important: Security update
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Oracle Linux Bulletin - October 2015

CVEs referencing this url
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

Back to 28: Grub2 Authentication Bypass 0-Day
Exploit
http://www.openwall.com/lists/oss-security/2024/01/15/3

oss-security - CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager

CVEs referencing this url
http://www.securitytracker.com/id/1034422

GNU GRUB Authentication Bug Lets Local Users Bypass Authentication and Gain Elevated Privileges - SecurityTracker
http://seclists.org/fulldisclosure/2015/Dec/69

Full Disclosure: Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
http://www.securityfocus.com/archive/1/537115/100/0/threaded

SecurityFocus
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html

[security-announce] SUSE-SU-2015:2385-1: important: Security update for
http://www.openwall.com/lists/oss-security/2015/12/15/6

oss-security - Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html

[SECURITY] Fedora 22 Update: grub2-2.02-0.18.fc22
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html

[security-announce] openSUSE-SU-2016:0036-1: important: Security update

Jump to

Vulnerability Details : CVE-2015-8370

Products affected by CVE-2015-8370

Exploit prediction scoring system (EPSS) score for CVE-2015-8370

CVSS scores for CVE-2015-8370

CWE ids for CVE-2015-8370

References for CVE-2015-8370