PT-2019-5305 · Gnu+2 · Grub2+2

Tavis Ormandy

Published

2019-11-29

Updated

2025-04-29

CVE-2019-14865

CVSS v3.1

5.9

Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions grub2 (affected versions not specified)

Description A flaw was found in the grub2-set-bootflag utility of grub2, related to insecure privilege management. This issue can be exploited by a local attacker running the utility under resource pressure, for example by setting RLIMIT, causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-267

Related Identifiers

BDU:2020-02252

CESA-2020_0335

CVE-2019-14865

RHSA-2020:0335

RHSA-2020_0335

Affected Products

Centos

Red Hat

Grub2

PT-2019-5305 · Gnu+2 · Grub2+2

CVE-2019-14865

Weakness Enumeration

Related Identifiers

Affected Products

References · 19