Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-14865 (GCVE-0-2019-14865)
Vulnerability from cvelistv5 – Published: 2019-11-29 09:50 – Updated: 2025-02-13 16:27
VLAI?
EPSS
Summary
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
Severity ?
5.9 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2019/q4/101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865"
},
{
"name": "RHSA-2020:0335",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T18:05:56.901Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2019/q4/101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865"
},
{
"name": "RHSA-2020:0335",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14865",
"datePublished": "2019-11-29T09:50:12.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:23.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5104C160-A510-4AB3-82F8-F92E21B1B2D7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92BC9265-6959-4D37-BE5E-8C45E98992F8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo en la utilidad grub2-set-bootflag de grub2. Un atacante local podr\\u00eda ejecutar esta utilidad bajo la presi\\u00f3n de recursos (por ejemplo, configurando RLIMIT), causando que archivos de configuraci\\u00f3n de grub2 sean truncados y dejando el sistema no reiniciable en los reinicios posteriores.\"}]",
"id": "CVE-2019-14865",
"lastModified": "2024-11-21T04:27:31.963",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 4.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-11-29T10:15:12.830",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/02/06/3\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0335\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/oss-sec/2019/q4/101\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/02/06/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0335\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/oss-sec/2019/q4/101\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-267\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-14865\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-11-29T10:15:12.830\",\"lastModified\":\"2025-04-29T20:39:59.300\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en la utilidad grub2-set-bootflag de grub2. Un atacante local podr\u00eda ejecutar esta utilidad bajo la presi\u00f3n de recursos (por ejemplo, configurando RLIMIT), causando que archivos de configuraci\u00f3n de grub2 sean truncados y dejando el sistema no reiniciable en los reinicios posteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-267\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5104C160-A510-4AB3-82F8-F92E21B1B2D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831F0F47-3565-4763-B16F-C87B1FF2035E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E3F09B5-569F-4C58-9FCA-3C0953D107B5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C3741B8-851F-475D-B428-523F4F722350\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62C31522-0A17-4025-B269-855C7F4B45C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E28F226A-CBC7-4A32-BE58-398FA5B42481\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C24D94-834A-4E9D-8F73-624AFA99AAA2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC10D919-57FD-4725-B8D2-39ECB476902F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1272DF03-7674-4BD4-8E64-94004B195448\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1CA946D-1665-4874-9D41-C7D963DD1F56\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/02/06/3\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0335\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/oss-sec/2019/q4/101\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/02/06/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0335\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/oss-sec/2019/q4/101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2019-14865
Vulnerability from fkie_nvd - Published: 2019-11-29 10:15 - Updated: 2025-04-29 20:39
Severity ?
Summary
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2024/02/06/3 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2020:0335 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://seclists.org/oss-sec/2019/q4/101 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/02/06/3 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0335 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/oss-sec/2019/q4/101 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | grub2 | - | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_eus | 8.8 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5104C160-A510-4AB3-82F8-F92E21B1B2D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en la utilidad grub2-set-bootflag de grub2. Un atacante local podr\u00eda ejecutar esta utilidad bajo la presi\u00f3n de recursos (por ejemplo, configurando RLIMIT), causando que archivos de configuraci\u00f3n de grub2 sean truncados y dejando el sistema no reiniciable en los reinicios posteriores."
}
],
"id": "CVE-2019-14865",
"lastModified": "2025-04-29T20:39:59.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-29T10:15:12.830",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2019/q4/101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2019/q4/101"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-267"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CERTFR-2024-AVI-0741
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.5.0 UP9 IF02 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP9 IF02",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
},
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2023-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2020-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
},
{
"name": "CVE-2023-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43788"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2023-52878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2022-3287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-35959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2023-45802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2021-47311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-32021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2023-52781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2021-47236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2024-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-52877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-32020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-26826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2023-52700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
},
{
"name": "CVE-2023-31122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2019-14865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14865"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-26919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2024-32465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-43789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43789"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2023-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
},
{
"name": "CVE-2021-46972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
},
{
"name": "CVE-2023-52578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2024-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2023-52667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-52703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-26759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-35838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2023-52560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2021-47310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
},
{
"name": "CVE-2023-52626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2021-47456",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2024-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2023-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2021-47356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
},
{
"name": "CVE-2024-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-47353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2018-25091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
},
{
"name": "CVE-2023-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0741",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
},
{
"description": "Ajout r\u00e9f\u00e9rence \u00e9diteur",
"revision_date": "2024-09-06T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Secure Analytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA86686",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP9-IF02"
}
]
}
CERTFR-2024-AVI-0741
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.5.0 UP9 IF02 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP9 IF02",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
},
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2023-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2020-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
},
{
"name": "CVE-2023-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43788"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2023-52878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2022-3287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-35959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2023-45802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2021-47311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-32021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2023-52781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2021-47236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2024-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-52877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-32020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-26826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2023-52700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
},
{
"name": "CVE-2023-31122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2019-14865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14865"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-26919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2024-32465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-43789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43789"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2023-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
},
{
"name": "CVE-2021-46972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
},
{
"name": "CVE-2023-52578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2024-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2023-52667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-52703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-26759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-35838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2023-52560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2021-47310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
},
{
"name": "CVE-2023-52626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2021-47456",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2024-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2023-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2021-47356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
},
{
"name": "CVE-2024-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-47353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2018-25091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
},
{
"name": "CVE-2023-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0741",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
},
{
"description": "Ajout r\u00e9f\u00e9rence \u00e9diteur",
"revision_date": "2024-09-06T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Secure Analytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA86686",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP9-IF02"
}
]
}
CNVD-2019-46264
Vulnerability from cnvd - Published: 2019-12-20
VLAI Severity ?
Title
grub2 grub2-set-bootflag实用程序存在未明漏洞
Description
runc是一款用于根据OCI规范生成和运行容器的CLI(命令行界面)工具。
grub2中的grub2-set-bootflag实用程序存在安全漏洞,本地攻击者可利用该漏洞截断grub2配置文件,使设备无法在重启阶段启动系统。
Severity
中
Patch Name
grub2 grub2-set-bootflag实用程序存在未明漏洞的补丁
Patch Description
runc是一款用于根据OCI规范生成和运行容器的CLI(命令行界面)工具。
grub2中的grub2-set-bootflag实用程序存在安全漏洞,本地攻击者可利用该漏洞截断grub2配置文件,使设备无法在重启阶段启动系统。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/rhboot/grub2
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865
https://seclists.org/oss-sec/2019/q4/101
Impacted products
| Name | Grub 2 grub2-set-bootflag |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-14865"
}
},
"description": "runc\u662f\u4e00\u6b3e\u7528\u4e8e\u6839\u636eOCI\u89c4\u8303\u751f\u6210\u548c\u8fd0\u884c\u5bb9\u5668\u7684CLI\uff08\u547d\u4ee4\u884c\u754c\u9762\uff09\u5de5\u5177\u3002\n\ngrub2\u4e2d\u7684grub2-set-bootflag\u5b9e\u7528\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u622a\u65adgrub2\u914d\u7f6e\u6587\u4ef6\uff0c\u4f7f\u8bbe\u5907\u65e0\u6cd5\u5728\u91cd\u542f\u9636\u6bb5\u542f\u52a8\u7cfb\u7edf\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/rhboot/grub2",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-46264",
"openTime": "2019-12-20",
"patchDescription": "runc\u662f\u4e00\u6b3e\u7528\u4e8e\u6839\u636eOCI\u89c4\u8303\u751f\u6210\u548c\u8fd0\u884c\u5bb9\u5668\u7684CLI\uff08\u547d\u4ee4\u884c\u754c\u9762\uff09\u5de5\u5177\u3002\r\n\r\ngrub2\u4e2d\u7684grub2-set-bootflag\u5b9e\u7528\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u622a\u65adgrub2\u914d\u7f6e\u6587\u4ef6\uff0c\u4f7f\u8bbe\u5907\u65e0\u6cd5\u5728\u91cd\u542f\u9636\u6bb5\u542f\u52a8\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "grub2 grub2-set-bootflag\u5b9e\u7528\u7a0b\u5e8f\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Grub 2 grub2-set-bootflag"
},
"referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865\r\nhttps://seclists.org/oss-sec/2019/q4/101",
"serverity": "\u4e2d",
"submitTime": "2019-12-02",
"title": "grub2 grub2-set-bootflag\u5b9e\u7528\u7a0b\u5e8f\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}
WID-SEC-W-2024-0659
Vulnerability from csaf_certbund - Published: 2019-12-15 23:00 - Updated: 2024-03-18 23:00Summary
Grub: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in Grub ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Grub ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0659 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-0659.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0659 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0659"
},
{
"category": "external",
"summary": "NIST Database vom 2019-12-15",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14865"
},
{
"category": "external",
"summary": "RedHat Customer Portal",
"url": "https://access.redhat.com/security/cve/CVE-2019-14865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0335 vom 2020-02-04",
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2499 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2499.html"
}
],
"source_lang": "en-US",
"title": "Grub: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-03-18T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:06:36.163+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0659",
"initial_release_date": "2019-12-15T23:00:00.000+00:00",
"revision_history": [
{
"date": "2019-12-15T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-02-04T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2",
"product": {
"name": "Open Source Grub 2",
"product_id": "T015539",
"product_identification_helper": {
"cpe": "cpe:/a:gnu:grub:2"
}
}
}
],
"category": "product_name",
"name": "Grub"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14865",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Grub. Wenn das Dienstprogramm \"grub2-set-bootflag\" unter zu hoher Ressourcenbelastung ausgef\u00fchrt wird, kann es dazu kommen, dass grub2 Konfigurationsdateien abgeschnitten werden. Ein lokaler Angreifer kann dies z.B. durch setzen von RLIMIT herbeif\u00fchren. In der Folge kommt es dazu, dass das System bei sp\u00e4teren Starts nicht mehr bootf\u00e4hig ist."
}
],
"product_status": {
"known_affected": [
"T015539",
"67646",
"398363"
]
},
"release_date": "2019-12-15T23:00:00.000+00:00",
"title": "CVE-2019-14865"
}
]
}
GSD-2019-14865
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-14865",
"description": "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.",
"id": "GSD-2019-14865",
"references": [
"https://www.suse.com/security/cve/CVE-2019-14865.html",
"https://access.redhat.com/errata/RHSA-2020:0335",
"https://linux.oracle.com/cve/CVE-2019-14865.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-14865"
],
"details": "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.",
"id": "GSD-2019-14865",
"modified": "2023-12-13T01:23:52.602661Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-14865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-267",
"lang": "eng",
"value": "CWE-267"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/oss-sec/2019/q4/101",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2019/q4/101"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865"
},
{
"name": "https://access.redhat.com/errata/RHSA-2020:0335",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"name": "http://www.openwall.com/lists/oss-security/2024/02/06/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5104C160-A510-4AB3-82F8-F92E21B1B2D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en la utilidad grub2-set-bootflag de grub2. Un atacante local podr\u00eda ejecutar esta utilidad bajo la presi\u00f3n de recursos (por ejemplo, configurando RLIMIT), causando que archivos de configuraci\u00f3n de grub2 sean truncados y dejando el sistema no reiniciable en los reinicios posteriores."
}
],
"id": "CVE-2019-14865",
"lastModified": "2024-02-06T18:15:58.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-29T10:15:12.830",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2019/q4/101"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-267"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
}
}
}
RHSA-2020_0335
Vulnerability from csaf_redhat - Published: 2020-02-04 13:14 - Updated: 2024-11-22 14:17Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable (CVE-2019-14865)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable (CVE-2019-14865)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0335",
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1764925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764925"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0335.json"
}
],
"title": "Red Hat Security Advisory: grub2 security update",
"tracking": {
"current_release_date": "2024-11-22T14:17:16+00:00",
"generator": {
"date": "2024-11-22T14:17:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:0335",
"initial_release_date": "2020-02-04T13:14:27+00:00",
"revision_history": [
{
"date": "2020-02-04T13:14:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-04T13:14:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:17:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-78.el8_1.1.src",
"product": {
"name": "grub2-1:2.02-78.el8_1.1.src",
"product_id": "grub2-1:2.02-78.el8_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-78.el8_1.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-common-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-common-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-pc-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-pc-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-78.el8_1.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src"
},
"product_reference": "grub2-1:2.02-78.el8_1.1.src",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-common-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-pc-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tavis Ormandy"
]
}
],
"cve": "CVE-2019-14865",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2019-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1764925"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "grub-set-bootflag is a command line to set bootflags in GRUB\u0027s stored environment. This is a downstream utility which is shipped with Red Hat Enterprise Linux 8 and Fedora. A flaw was found in this application which would could allow a local attacker (someone having a local account on the system) to cause grub configuration files to be truncated. Whenever the machine was rebooted, grub would fail to read the configuration files and the system would be rendered unbootable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14865"
},
{
"category": "external",
"summary": "RHBZ#1764925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764925"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14865"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2019/q4/101",
"url": "https://seclists.org/oss-sec/2019/q4/101"
}
],
"release_date": "2019-11-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-04T13:14:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"category": "workaround",
"details": "Remove the \"grub-set-bootflag\" from the system, by manually the deleting the binary file. Note: On subsequent updates of the \"grub2-tools-minimal\" rpm, the file will be re-installed.",
"product_ids": [
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable"
}
]
}
RHSA-2020:0335
Vulnerability from csaf_redhat - Published: 2020-02-04 13:14 - Updated: 2025-11-21 18:12Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable (CVE-2019-14865)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable (CVE-2019-14865)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0335",
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1764925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764925"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0335.json"
}
],
"title": "Red Hat Security Advisory: grub2 security update",
"tracking": {
"current_release_date": "2025-11-21T18:12:06+00:00",
"generator": {
"date": "2025-11-21T18:12:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:0335",
"initial_release_date": "2020-02-04T13:14:27+00:00",
"revision_history": [
{
"date": "2020-02-04T13:14:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-04T13:14:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:12:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.02-78.el8_1.1.src",
"product": {
"name": "grub2-1:2.02-78.el8_1.1.src",
"product_id": "grub2-1:2.02-78.el8_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.02-78.el8_1.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-common-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-common-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"product_id": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-78.el8_1.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-78.el8_1.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-pc-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-pc-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-78.el8_1.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-78.el8_1.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.02-78.el8_1.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src"
},
"product_reference": "grub2-1:2.02-78.el8_1.1.src",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-common-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-pc-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64",
"relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tavis Ormandy"
]
}
],
"cve": "CVE-2019-14865",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2019-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1764925"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "grub-set-bootflag is a command line to set bootflags in GRUB\u0027s stored environment. This is a downstream utility which is shipped with Red Hat Enterprise Linux 8 and Fedora. A flaw was found in this application which would could allow a local attacker (someone having a local account on the system) to cause grub configuration files to be truncated. Whenever the machine was rebooted, grub would fail to read the configuration files and the system would be rendered unbootable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14865"
},
{
"category": "external",
"summary": "RHBZ#1764925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764925"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14865"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2019/q4/101",
"url": "https://seclists.org/oss-sec/2019/q4/101"
}
],
"release_date": "2019-11-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-04T13:14:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"category": "workaround",
"details": "Remove the \"grub-set-bootflag\" from the system, by manually the deleting the binary file. Note: On subsequent updates of the \"grub2-tools-minimal\" rpm, the file will be re-installed.",
"product_ids": [
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-1:2.02-78.el8_1.1.src",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-common-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-debugsource-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-cdboot-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-aa64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-ia32-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-cdboot-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-efi-x64-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-pc-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-ppc64le-modules-1:2.02-78.el8_1.1.noarch",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-efi-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-extra-debuginfo-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-1:2.02-78.el8_1.1.x86_64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.aarch64",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.ppc64le",
"BaseOS-8.1.0.Z.MAIN.EUS:grub2-tools-minimal-debuginfo-1:2.02-78.el8_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable"
}
]
}
GHSA-5C3M-78CG-3WPV
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2023-02-02 21:33
VLAI?
Details
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-14865"
],
"database_specific": {
"cwe_ids": [
"CWE-267"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-29T10:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.",
"id": "GHSA-5c3m-78cg-3wpv",
"modified": "2023-02-02T21:33:45Z",
"published": "2022-05-24T17:02:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14865"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0335"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2019-14865"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764925"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865"
},
{
"type": "WEB",
"url": "https://seclists.org/oss-sec/2019/q4/101"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…