Vulnerability Details: CVE-2019-14865
A flaw was found in the grub2-set-bootflag utility shipped with grub2. The utility runs with elevated privileges and rewrites the grubenv file in place, so a write that is cut short leaves a truncated file behind. A local attacker can run the utility under resource pressure (for example by setting a restrictive resource limit such as RLIMIT_FSIZE before invoking it), causing the grub2 configuration file to be truncated and leaving the system unbootable on subsequent reboots.
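The failure mode described above, and the fix pattern a practitioner would apply, as an added example that is not grub's code or Red Hat's patch: a naive in-place rewrite of a 1024-byte grubenv block beside a tmpfile-and-rename rewrite, both run under a 100-byte RLIMIT_FSIZE that the program sets on itself. The function names, the limit value and the sample `boot_success` entries are this example's own assumptions; only the fixed 1024-byte block with its `# GRUB Environment Block` header follows grub's real layout.

```c
/* Added example, not grub's code: the in-place grubenv rewrite that
 * CVE-2019-14865 describes, exercised under a constructed RLIMIT_FSIZE limit,
 * beside a tmpfile-and-rename rewrite that fails closed. Function names,
 * the 100-byte limit and the sample entries are this example's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>
#define ENV_SIZE 1024                  /* grubenv is a fixed 1024-byte block */
#define ENV_HDR  "# GRUB Environment Block\n"

/* Build a grub-style env block: header, key=value lines, '#' padding. */
static void build_env(char *buf, const char *entries)
{
    memset(buf, '#', ENV_SIZE);
    memcpy(buf, ENV_HDR, strlen(ENV_HDR));
    memcpy(buf + strlen(ENV_HDR), entries, strlen(entries));
}

/* Valid only if the file is exactly ENV_SIZE bytes and starts with the header. */
int env_is_valid(const char *path)
{
    char buf[ENV_SIZE + 1];
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    return n == ENV_SIZE && memcmp(buf, ENV_HDR, strlen(ENV_HDR)) == 0;
}
static off_t file_size(const char *p) { struct stat st; return stat(p, &st) ? -1 : st.st_size; }

/* Vulnerable pattern: truncate the real file, write once, ignore the result.
 * With RLIMIT_FSIZE below ENV_SIZE the write is short and grubenv stays cut. */
int rewrite_env_naive(const char *path, const char *buf)
{
    int fd = open(path, O_WRONLY | O_TRUNC);
    if (fd < 0) return -1;
    (void)write(fd, buf, ENV_SIZE);    /* short write goes unnoticed: the bug */
    close(fd);
    return 0;                          /* reports success regardless */
}

/* Hardened pattern: write to a temp file beside the target, check every write,
 * fsync, then rename over the original only on success. Every failure path
 * removes the temp file, so the original is never left truncated. */
int rewrite_env_atomic(const char *path, const char *buf)
{
    char tmp[4096];
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp) return -1;
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    for (size_t done = 0; done < ENV_SIZE; ) {
        ssize_t n = write(fd, buf + done, ENV_SIZE - done);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); unlink(tmp); return -1; }   /* EFBIG lands here */
        done += (size_t)n;
    }
    if (fsync(fd) < 0 || close(fd) < 0 || rename(tmp, path) < 0) { unlink(tmp); return -1; }
    return 0;
}

/* Seed two valid env files, then rewrite both under a 100-byte RLIMIT_FSIZE.
 * Returns 0 when the naive file ends up 100 bytes long while the atomic target
 * is still a valid block; a nonzero code says which step or check failed. */
int demo(void)
{
    char naive_path[] = "/tmp/grubenv-naive.XXXXXX", atomic_path[] = "/tmp/grubenv-atomic.XXXXXX";
    char env[ENV_SIZE], updated[ENV_SIZE];
    struct rlimit old, lim;
    int fd, rc = 0;
    build_env(env, "boot_success=0\n");                /* constructed contents */
    build_env(updated, "boot_success=1\n");
    if ((fd = mkstemp(naive_path)) < 0 || close(fd) < 0) return 1;
    if ((fd = mkstemp(atomic_path)) < 0 || close(fd) < 0) return 1;
    if (rewrite_env_atomic(naive_path, env) || rewrite_env_atomic(atomic_path, env)) return 2;

    /* The attacker's setup: a tiny file-size limit that a privileged child would
     * inherit. Ignore SIGXFSZ so write() reports EFBIG instead of killing us. */
    if (getrlimit(RLIMIT_FSIZE, &old) < 0) return 3;
    signal(SIGXFSZ, SIG_IGN);
    lim.rlim_cur = 100; lim.rlim_max = old.rlim_max;
    if (setrlimit(RLIMIT_FSIZE, &lim) < 0) return 3;
    int naive_rc = rewrite_env_naive(naive_path, updated);
    int atomic_rc = rewrite_env_atomic(atomic_path, updated);
    setrlimit(RLIMIT_FSIZE, &old);     /* a soft limit may be raised back up to the hard limit */
    signal(SIGXFSZ, SIG_DFL);

    if (naive_rc != 0 || file_size(naive_path) != 100) rc |= 0x10;   /* "succeeded", 100 bytes */
    if (atomic_rc != -1 || !env_is_valid(atomic_path)) rc |= 0x20;   /* failed closed, intact */
    unlink(naive_path); unlink(atomic_path);
    return rc;
}

int main(void) { return demo(); }      /* exit status 0 means both checks held */
```

Compile with `cc -Wall demo.c -o demo` and run it; exit status 0 means the naive rewrite reported success but left a 100-byte file, while the atomic rewrite returned -1 and the original 1024-byte block was untouched. Two caveats for a real setuid utility: the temp file should be given the target's ownership and mode before the rename, and a temp file abandoned because the process was killed between mkstemp and rename is not cleaned up by this code either; temp files left behind are how a fix for truncation can turn into the /boot-filling problem that the CVE-2024-1048 entry in the references below names.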
Products affected by CVE-2019-14865
- cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-14865
EPSS score: 0.04% (estimated probability of exploitation activity in the next 30 days)
EPSS percentile: ~6% (the proportion of all scored vulnerabilities with an EPSS score at or below this one)
CVSS scores for CVE-2019-14865
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST |
5.9 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H | 1.5 | 4.0 | Red Hat, Inc. |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST |
CWE ids for CVE-2019-14865
- A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. (Assigned by: secalert@redhat.com, Primary)
References for CVE-2019-14865
- http://www.openwall.com/lists/oss-security/2024/02/06/3
  oss-security: CVE-2024-1048: grub2-set-bootflag may be abused to fill up /boot, bypass RLIMIT_NPROC
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865
  Bug 1764925: (CVE-2019-14865) grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable (Issue Tracking; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2020:0335
  RHSA-2020:0335: Security Advisory, Red Hat Customer Portal (Third Party Advisory)
- https://seclists.org/oss-sec/2019/q4/101
  oss-sec: grub2-set-bootflag utility causes grubenv corruption rendering the system un-bootable (Mailing List; Third Party Advisory)