Vulnerability Description
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Grub2 | - |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Eus | 8.1 |
| Redhat | Enterprise Linux Server Aus | 8.2 |
| Redhat | Enterprise Linux Server Tus | 8.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/02/06/3Third Party Advisory
- https://access.redhat.com/errata/RHSA-2020:0335Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865Issue TrackingThird Party Advisory
- https://seclists.org/oss-sec/2019/q4/101Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2024/02/06/3Third Party Advisory
- https://access.redhat.com/errata/RHSA-2020:0335Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865Issue TrackingThird Party Advisory
- https://seclists.org/oss-sec/2019/q4/101Mailing ListThird Party Advisory
FAQ
What is CVE-2019-14865?
CVE-2019-14865 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be tr...
How severe is CVE-2019-14865?
CVE-2019-14865 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14865?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Grub2, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Tus.