PT-2024-1698 · Grub2 +5

Alexander +1 · Published 2024-02-06 · Updated 2024-09-16 · CVE-2024-1048

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

grub2 (affected versions not specified)

Description

A flaw in the grub2-set-bootflag utility of grub2 can lead to a denial of service. The program creates a temporary file with the new grubenv content and then renames it over the original grubenv file. If the program is killed before the rename, the temporary file is not removed. When the utility is invoked multiple times, these temporary files accumulate and can fill the filesystem until it runs out of free inodes or blocks. The vulnerability is related to incomplete cleanup of temporary or auxiliary resources.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
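While no fixed version is listed, the accumulation described above can be monitored for. The following check is an added example, not code from this advisory or from the grub2 project. It assumes the leftover files sit beside grubenv and are named `grubenv.<suffix>`; this record does not give the naming scheme, and the function names and threshold are hypothetical.

```shell
#!/bin/sh
# Added example: detect leftover temporary files next to a grubenv file.
# ASSUMPTION: leftovers are siblings of grubenv named "grubenv.<suffix>".
# The advisory does not state the naming scheme; adjust PATTERN as needed.
PATTERN='grubenv.*'

# Print the number of regular files directly in directory $1 matching PATTERN.
# The pattern requires a dot, so the real "grubenv" file is never counted.
count_stale() {
    find "$1" -maxdepth 1 -type f -name "$PATTERN" 2>/dev/null | wc -l | tr -d ' '
}

# Print the percentage of inodes in use on the filesystem holding $1
# (empty or "-" on filesystems that do not report inode counts).
inode_use_pct() {
    df -Pi "$1" 2>/dev/null | awk 'NR==2 { sub(/%/, "", $5); print $5 }'
}

# Return 0 if fewer than $2 leftovers exist in $1; otherwise warn and return 1.
check_dir() {
    n=$(count_stale "$1")
    if [ "$n" -ge "$2" ]; then
        echo "WARN: $n leftover temp file(s) in $1, inodes used: $(inode_use_pct "$1")%"
        return 1
    fi
    echo "OK: $n leftover temp file(s) in $1"
    return 0
}

# Usage: script.sh <directory-containing-grubenv> [threshold, default 10]
if [ "$#" -gt 0 ]; then
    check_dir "$1" "${2:-10}"
fi
```

Run it from cron or a monitoring agent against the directory that holds grubenv on the host; a non-zero exit status signals that leftovers have reached the threshold.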

Weakness Enumeration

Related Identifiers

ALSA-2024:2456
ALSA-2024:3184
BDU:2024-01386
CESA-2024_3184
CVE-2024-1048
INFSA-2024_2456
INFSA-2024_3184
MGASA-2024-0095
OESA-2024-1253
RHSA-2024:2456
RHSA-2024:3184
RHSA-2024_2456
RHSA-2024_3184
RLSA-2024:3184

Affected Products

AlmaLinux
CentOS
Red Hat
RED OS
Rocky Linux
Grub2