Main Vulnerability Database Vulnerabilities #VU97100

#VU97100 Privilege Defined With Unsafe Actions in grub - CVE-2019-14865

Published: September 10, 2024

Vulnerability identifier: #VU97100

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-14865

CWE-ID: CWE-267

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
grub

Software vendor:
GNU

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the grub2-set-bootflag utility. A local user can run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

Remediation

Install updates from vendor's website.

External links

https://seclists.org/oss-sec/2019/q4/101
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865
https://access.redhat.com/errata/RHSA-2020:0335
http://www.openwall.com/lists/oss-security/2024/02/06/3

#VU97100 Privilege Defined With Unsafe Actions in grub - CVE-2019-14865

Description

Remediation

External links

Please verify you're human