Main Vulnerability Database Vulnerabilities #VU97100

Privilege Defined With Unsafe Actions in grub - CVE-2019-14865

Published: September 10, 2024

Vulnerability identifier: #VU97100

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-14865

CWE-ID: CWE-267

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: GNU

Affected software:
grub

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the grub2-set-bootflag utility. A local user can run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

How to mitigate CVE-2019-14865

Install updates from vendor's website.

Sources

https://seclists.org/oss-sec/2019/q4/101
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865
https://access.redhat.com/errata/RHSA-2020:0335
http://www.openwall.com/lists/oss-security/2024/02/06/3

Privilege Defined With Unsafe Actions in grub - CVE-2019-14865

Detailed vulnerability description

How to mitigate CVE-2019-14865

Sources

Please verify you're human