CVE-2019-14865

Name: CVE-2019-14865

Description: A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| grub2 (PTS) | jessie, jessie (lts) | 2.02~beta2-22+deb8u2 | fixed |
| grub2 | stretch (lts), stretch | 2.02~beta3-5+deb9u3 | fixed |
| grub2 | buster (security), buster, buster (lts) | 2.06-3~deb10u4 | fixed |
| grub2 | bullseye (security), bullseye | 2.06-3~deb11u6 | fixed |
| grub2 | bookworm (security), bookworm | 2.06-13+deb12u1 | fixed |
| grub2 | sid, trixie | 2.12-5 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| grub2 | source | (unstable) | (not affected) | | | |

Notes

- grub2 <not-affected> (Red Hat-specific patch)
https://bugzilla.redhat.com/show_bug.cgi?id=1764925
https://seclists.org/oss-sec/2019/q4/101
Red Hat-specific patch, added as 0131-Add-grub-set-bootflag-utility.patch in their SRPM
