CVE-2019-14865

Name: CVE-2019-14865
Description: A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| grub2 (PTS) | jessie (security), jessie | 2.02~beta2-22+deb8u1 | fixed |
| | stretch | 2.02~beta3-5+deb9u2 | fixed |
| | buster | 2.02+dfsg1-20 | fixed |
| | bullseye, sid | 2.04-7 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| grub2 | source | (unstable) | (not affected) | | | |

Notes

- grub2 <not-affected> (Red Hat-specific patch)
https://bugzilla.redhat.com/show_bug.cgi?id=1764925
https://seclists.org/oss-sec/2019/q4/101
Red Hat-specific patch, added as 0131-Add-grub-set-bootflag-utility.patch in their SRPM
