#VU87164 Resource management error in grub2 - CVE-2024-1048

 


Published: March 6, 2024


Vulnerability identifier: #VU87164
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-1048
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: grub2
Software vendor: Fedoraproject

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the grub2-set-bootflag utility of grub2. To update grubenv, grub2-set-bootflag writes the new content to a temporary file and then renames that file over the original grubenv. If the program is killed before the rename operation, the temporary file is not removed. When this happens across repeated invocations, the leftover files accumulate and can fill the filesystem until it runs out of free inodes or blocks.
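The following audit script is an added example, not code from the vendor or from grub2. It counts leftover temporary copies beside a target file and reports block and inode usage of the filesystem holding them. It assumes the temporary file is created in the same directory as the target and is named with the target's name plus a suffix; the directory and file name are passed as arguments.

```shell
#!/bin/sh
# Added example (not vendor code): audit a directory for temporary copies
# left behind by interrupted "write temp file, then rename" updates.
# Assumption: a temp file sits beside the target file and its name is the
# target's name plus a non-empty suffix. Directory and name are arguments.

# count_stale DIR NAME [MIN_AGE_MIN]
# Prints the number of regular files DIR/NAME<suffix> last modified more
# than MIN_AGE_MIN minutes ago (default 5), so the temp file of an update
# that is running right now is not counted. The target itself never matches
# because the pattern requires at least one extra character.
count_stale() {
    find "$1" -maxdepth 1 -type f -name "$2?*" -mmin "+${3:-5}" | wc -l | tr -d ' '
}

# stale_kib DIR NAME [MIN_AGE_MIN]
# Prints the disk space (KiB) held by the same set of files.
stale_kib() {
    find "$1" -maxdepth 1 -type f -name "$2?*" -mmin "+${3:-5}" \
        -exec du -k {} + | awk '{ s += $1 } END { print s + 0 }'
}

# audit DIR NAME [MIN_AGE_MIN]
# Prints a short report and returns non-zero when leftovers exist, so it can
# be wired into a cron job or monitoring check.
audit() {
    n=$(count_stale "$@")
    echo "stale temp files beside $1/$2: $n ($(stale_kib "$@") KiB)"
    df -P  "$1" | awk 'NR == 2 { print "blocks used: " $5 }'
    df -Pi "$1" | awk 'NR == 2 { print "inodes used: " $5 }'
    [ "$n" -eq 0 ]
}

# Run as: ./audit.sh DIR NAME [MIN_AGE_MIN]
if [ "$#" -ge 2 ]; then
    audit "$@"
fi
```

Run it with privileges sufficient to list the directory that holds grubenv. Review any files it reports before deleting them.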


Remediation

Install updates from vendor's website.
