| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2024-2312 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | GRUB2 does not call the module fini functions on exit, leading to Debi ... |
| CVE-2023-4693 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | An out-of-bounds read flaw was found on grub2's NTFS filesystem driver ... |
| CVE-2023-4692 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | An out-of-bounds write flaw was found in grub2's NTFS filesystem drive ... |
| CVE-2022-28736 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | There's a use-after-free vulnerability in grub_cmd_chainloader() funct ... |
| CVE-2022-28735 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | The GRUB2's shim_lock verifier allows non-kernel files to be loaded on ... |
| CVE-2022-28734 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Out-of-bounds write when handling split HTTP headers; When handling sp ... |
| CVE-2022-28733 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP ... |
| CVE-2022-3775 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | When rendering certain unicode sequences, grub2's font code doesn't pr ... |
| CVE-2022-2601 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | A buffer overflow was found in grub_font_construct_glyph(). A maliciou ... |
| CVE-2021-20233 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ... |
| CVE-2021-20225 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A flaw was found in grub2 in versions prior to 2.06. The option parser ... |
| CVE-2021-3981 | fixed | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A flaw in grub2 was found where its configuration file, known as grub. ... |
| CVE-2021-3697 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A crafted JPEG image may lead the JPEG reader to underflow its data po ... |
| CVE-2021-3696 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A heap out-of-bounds write may heppen during the handling of Huffman t ... |
| CVE-2021-3695 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write ... |
| CVE-2020-27779 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A flaw was found in grub2 in versions prior to 2.06. The cutmem comman ... |
| CVE-2020-27749 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A flaw was found in grub2 in versions prior to 2.06. Variable names pr ... |
| CVE-2020-25647 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A flaw was found in grub2 in versions prior to 2.06. During USB device ... |
| CVE-2020-25632 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ... |
| CVE-2020-15707 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Integer overflows were discovered in the functions grub_cmd_initrd and ... |
| CVE-2020-15706 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | GRUB2 contains a race condition in grub_script_function_create() leadi ... |
| CVE-2020-14372 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A flaw was found in grub2 in versions prior to 2.06, where it incorrec ... |
| CVE-2020-14311 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | There is an issue with grub2 before version 2.06 while handling symlin ... |
| CVE-2020-14310 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | There is an issue on grub2 before version 2.06 at function read_sectio ... |
| CVE-2020-14309 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | There's an issue with grub2 in all versions before 2.06 when handling ... |
| CVE-2020-14308 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | In grub2 versions before 2.06 the grub memory allocator doesn't check ... |
| CVE-2020-10713 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A flaw was found in grub2, prior to version 2.06. An attacker may use ... |