cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-56738,https://securityvulnerability.io/vulnerability/CVE-2024-56738,Side-Channel Vulnerability in GNU GRUB Affects Multiple Versions,"The vulnerability in GNU GRUB affects versions prior to 2.12 due to the use of a non-constant-time algorithm in the grub_crypto_memcmp function. This imperfection opens the door for potential side-channel attacks, where attackers might exploit differences in processing time to infer sensitive information. Such vulnerabilities can significantly compromise the security of boot processes and the overall integrity of systems relying on GRUB for initialization.",Gnu,Grub2,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-29T00:00:00.000Z,0
CVE-2024-56737,https://securityvulnerability.io/vulnerability/CVE-2024-56737,Heap-Based Buffer Overflow in GNU GRUB2 Affected by Malicious HFS Filesystem Data,"A vulnerability exists in GNU GRUB2 (version 2.12) that is triggered by a heap-based buffer overflow. This flaw can be exploited if an attacker uses specially crafted sblock data within an HFS filesystem. Such an exploitation may lead to unauthorized access or corruption of memory, impacting the stability and security of systems utilizing this bootloader. Addressing this issue promptly is crucial for maintaining system integrity and protecting against potential threats.",Gnu,Grub2,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-29T00:00:00.000Z,0
CVE-2022-3775,https://securityvulnerability.io/vulnerability/CVE-2022-3775,Out-of-Bounds Write Vulnerability in GRUB2 Affecting Red Hat Products,"The vulnerability in the GRUB2 bootloader arises from improper validation of the dimensions of unicode glyphs during font rendering. This flaw can be exploited by an attacker to input manipulated data, resulting in an out-of-bounds write into the GRUB2 heap. Such memory corruption may lead to system instability and, in complex scenarios, could potentially allow for arbitrary code execution.",Gnu,Grub2,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-12-19T00:00:00.000Z,0
CVE-2022-2601,https://securityvulnerability.io/vulnerability/CVE-2022-2601,Buffer Overflow in GRUB Affects Secure Boot Mechanism,"A buffer overflow vulnerability in the GRUB bootloader was identified, where a maliciously crafted pf2 font could exploit the function grub_font_construct_glyph(). This issue arises during the calculation of max_glyph_size, leading to the allocation of insufficient buffer space. Consequently, this flaw can cause a buffer overflow and result in a heap-based out-of-bounds write. Attackers may leverage this vulnerability to bypass the secure boot process, potentially compromising system integrity.",Gnu,Grub2,8.6,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2022-12-14T00:00:00.000Z,0
CVE-2021-3697,https://securityvulnerability.io/vulnerability/CVE-2021-3697,Heap Underflow Vulnerability in GRUB2 by Red Hat,"A carefully crafted JPEG image can cause the JPEG reader in GRUB2 to underflow its data pointer, enabling an attacker to manipulate user-controlled data in the heap. Successful exploitation requires the attacker to meticulously analyze the heap layout and create a maliciously formatted image. This vulnerability could lead to data corruption and an opportunity for code execution or even bypassing secure boot mechanisms, particularly affecting versions of GRUB2 prior to 2.12.",Gnu,Grub2,7,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-06T15:06:47.000Z,0
CVE-2021-3696,https://securityvulnerability.io/vulnerability/CVE-2021-3696,Heap Out-of-Bounds Write Vulnerability in GRUB2 by Red Hat,"This vulnerability involves a heap out-of-bounds write that can occur during the processing of Huffman tables in the PNG reader of GRUB2. When exploited, it may lead to data corruption in the heap space. Although the impact on confidentiality, integrity, and availability is typically considered low due to the complexity involved in controlling the encoding and arrangement of corrupted Huffman entries for achieving outcomes like arbitrary code execution, this still poses a security risk for users of affected GRUB2 versions.",Gnu,Grub2,4.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-07-06T15:06:43.000Z,0
CVE-2021-3695,https://securityvulnerability.io/vulnerability/CVE-2021-3695,Out-of-Bounds Write Vulnerability in Grub2 by Red Hat,"An out-of-bounds write vulnerability exists in Grub2 due to handling crafted 16-bit grayscale PNG images. This flaw allows attackers to potentially corrupt heap data, leading to severe consequences such as arbitrary code execution and the bypassing of secure boot protections. Exploiting this vulnerability is a complex task, requiring knowledge of the heap layout to manipulate memory effectively. Additionally, the payloads written into memory are repeated multiple times, complicating the exploitation process.",Gnu,Grub2,4.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-07-06T15:06:38.000Z,0
CVE-2021-3981,https://securityvulnerability.io/vulnerability/CVE-2021-3981,Configuration File Permission Flaw in GRUB2 by Red Hat,"A security issue has been identified in the GRUB2 bootloader where its configuration file (grub.cfg) is created with incorrect permissions, allowing non-privileged users to read potentially sensitive content, including encrypted passwords. While a fix has been proposed upstream, no patched version has yet been released for user systems. This presents a confidentiality risk as unauthorized access to these details could compromise system security.",Gnu,Grub2,3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-03-08T14:02:15.000Z,0
CVE-2021-3418,https://securityvulnerability.io/vulnerability/CVE-2021-3418,Boot Process Vulnerability in GRUB2 by Red Hat,"The vulnerability in GRUB2 allows for potential unauthorized kernel execution by bypassing signature validation when certificates are improperly stored. This flaw enables an attacker to manipulate the boot process, resulting in a system that will incorrectly believe it is operating under secure boot mode, thereby enforcing lockdown measures. Systems running GRUB2 versions before 2.06, particularly those making use of the shim_lock mechanism, are at risk of this serious oversight, echoing an earlier security issue recorded in CVE-2020-15705.",Gnu,Grub2,6.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-03-15T21:17:52.000Z,0
CVE-2021-20233,https://securityvulnerability.io/vulnerability/CVE-2021-20233,Memory Corruption Vulnerability in GRUB2 Affects Red Hat and Fedora,"A memory corruption flaw in GRUB2 versions prior to 2.06 allows an attacker to manipulate the memory by incorrectly calculating the length of quoted inputs in the menu rendering code. As the system incorrectly assumes that a quoted single quote requires three characters instead of four, this results in a potential one-byte memory corruption for each quote used. This vulnerability can threaten data confidentiality, integrity, and system availability, revealing significant risks for users relying on affected systems.",Gnu,Grub2,8.2,HIGH,0.0004199999966658652,false,,false,false,true,2022-07-19T18:56:51.000Z,true,false,false,,2021-03-03T16:44:34.000Z,0
CVE-2021-20225,https://securityvulnerability.io/vulnerability/CVE-2021-20225,Heap Buffer Overflow in GRUB2 Affects Red Hat and Fedora,"A flaw exists in GRUB2 prior to version 2.06 that allows an attacker to exploit the option parser. By issuing commands with a large number of specific short-form options, an attacker can write beyond the bounds of a heap-allocated buffer. This vulnerability poses significant risks to data confidentiality and integrity, potentially impacting overall system availability.",Gnu,Grub2,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-03-03T16:44:26.000Z,0
CVE-2020-25632,https://securityvulnerability.io/vulnerability/CVE-2020-25632,Use-After-Free Vulnerability in GRUB2 Affects Red Hat Products,"A flaw in GRUB2's rmmod implementation allows for the unloading of a module that may still have dependencies in use, leading to a use-after-free condition. This vulnerability can enable the execution of arbitrary code and potentially compromise Secure Boot protections. The implications are serious, impacting the confidentiality and integrity of data as well as overall system availability.",Gnu,Grub2,8.2,HIGH,0.0004199999966658652,false,,false,false,true,2022-07-19T18:56:51.000Z,true,false,false,,2021-03-03T16:40:47.000Z,0
CVE-2020-25647,https://securityvulnerability.io/vulnerability/CVE-2020-25647,Memory Corruption Vulnerability in GRUB2 by Red Hat,"A flaw exists in GRUB2 that arises during USB device initialization due to inadequate bounds checking when reading device descriptors. This oversight assumes that the USB device presents valid values. If an attacker successfully exploits this vulnerability, it may result in memory corruption, enabling arbitrary code execution and a successful bypass of the Secure Boot functionality. The potential impact includes severe threats to data confidentiality, integrity, and overall system availability.",Gnu,Grub2,7.6,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2021-03-03T16:40:42.000Z,0
CVE-2020-14372,https://securityvulnerability.io/vulnerability/CVE-2020-14372,Grub2 Vulnerability in Linux Kernel with Secure Boot Enabled by Red Hat,"Grub2 versions prior to 2.06 contain a vulnerability that improperly allows the usage of the ACPI command when Secure Boot is enabled. This flaw can be exploited by an attacker with privileged access to create a crafted Secondary System Description Table (SSDT). When this table is loaded, it can overwrite the Linux kernel lockdown variable's content directly in memory. This circumvents the Secure Boot lockdown, enabling the execution of unsigned code, potentially compromising data confidentiality, integrity, and overall system availability.",Gnu,Grub2,7.5,HIGH,0.00044999999227002263,false,,false,false,true,2021-04-19T23:36:25.000Z,true,false,false,,2021-03-03T16:40:36.000Z,0
CVE-2020-27749,https://securityvulnerability.io/vulnerability/CVE-2020-27749,Stack Buffer Overflow in Grub2 Affects Red Hat and Fedora Distributions,"A vulnerability present in Grub2 could allow attackers to exploit the variable name expansion in the command line, resulting in a stack buffer overflow. This flaw can lead to stack corruption and unauthorized control over the system's execution flow, potentially allowing attackers to bypass Secure Boot protections. Data confidentiality, integrity, and system availability could be severely compromised, posing significant risks to both users and organizations relying on affected products.",Gnu,Grub2,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-03-03T16:40:30.000Z,0
CVE-2020-27779,https://securityvulnerability.io/vulnerability/CVE-2020-27779,Memory Management Flaw in GRUB2 Affects System Boot Security,"A vulnerability in GRUB2 prior to version 2.06 allows privileged attackers to use the cutmem command, potentially bypassing Secure Boot protections. This flaw does not respect secure boot locking mechanisms, enabling attackers to manipulate memory by removing specific address ranges. This presents significant risks to data confidentiality, integrity, and overall system availability.",Gnu,Grub2,7.5,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-03-03T16:40:24.000Z,0
CVE-2015-8370,https://securityvulnerability.io/vulnerability/CVE-2015-8370,,"Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an ""Off-by-two"" or ""Out of bounds overwrite"" memory error.",Gnu,Grub2,,,0.00107999995816499,false,,false,false,false,,,false,false,,2015-12-16T21:59:00.000Z,0