Information on source package grub2

Available versions

ReleaseVersion
jessie2.02~beta2-22+deb8u2
stretch2.02~beta3-5+deb9u3
buster2.06-3~deb10u4
bullseye2.06-3~deb11u6
bookworm2.06-13+deb12u1
trixie2.12-5
sid2.12-5

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-49504vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerablegrub2 allowed attackers with access to the grub shell to access files ...
CVE-2024-2312vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedGRUB2 does not call the module fini functions on exit, leading to Debi ...
CVE-2023-4693vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedAn out-of-bounds read flaw was found on grub2's NTFS filesystem driver ...
CVE-2023-4692vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedAn out-of-bounds write flaw was found in grub2's NTFS filesystem drive ...
CVE-2022-28736vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedThere's a use-after-free vulnerability in grub_cmd_chainloader() funct ...
CVE-2022-28735vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedThe GRUB2's shim_lock verifier allows non-kernel files to be loaded on ...
CVE-2022-28734vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedOut-of-bounds write when handling split HTTP headers; When handling sp ...
CVE-2022-28733vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedInteger underflow in grub_net_recv_ip4_packets; A malicious crafted IP ...
CVE-2022-3775vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedfixedWhen rendering certain unicode sequences, grub2's font code doesn't pr ...
CVE-2022-2601vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedfixedA buffer overflow was found in grub_font_construct_glyph(). A maliciou ...
CVE-2021-20233vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ...
CVE-2021-20225vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA flaw was found in grub2 in versions prior to 2.06. The option parser ...
CVE-2021-3981fixedfixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedA flaw in grub2 was found where its configuration file, known as grub. ...
CVE-2021-3697vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA crafted JPEG image may lead the JPEG reader to underflow its data po ...
CVE-2021-3696vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA heap out-of-bounds write may heppen during the handling of Huffman t ...
CVE-2021-3695vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA crafted 16-bit grayscale PNG image may lead to a out-of-bounds write ...
CVE-2020-27779vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA flaw was found in grub2 in versions prior to 2.06. The cutmem comman ...
CVE-2020-27749vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA flaw was found in grub2 in versions prior to 2.06. Variable names pr ...
CVE-2020-25647vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA flaw was found in grub2 in versions prior to 2.06. During USB device ...
CVE-2020-25632vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...
CVE-2020-15707vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedInteger overflows were discovered in the functions grub_cmd_initrd and ...
CVE-2020-15706vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedGRUB2 contains a race condition in grub_script_function_create() leadi ...
CVE-2020-14372vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA flaw was found in grub2 in versions prior to 2.06, where it incorrec ...
CVE-2020-14311vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedThere is an issue with grub2 before version 2.06 while handling symlin ...
CVE-2020-14310vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedThere is an issue on grub2 before version 2.06 at function read_sectio ...
CVE-2020-14309vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedThere's an issue with grub2 in all versions before 2.06 when handling ...
CVE-2020-14308vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedIn grub2 versions before 2.06 the grub memory allocator doesn't check ...
CVE-2020-10713vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedA flaw was found in grub2, prior to version 2.06. An attacker may use ...

Resolved issues

BugDescription
CVE-2024-1048A flaw was found in the grub2-set-bootflag utility of grub2. After the ...
CVE-2023-4001An authentication bypass flaw was found in GRUB due to the way that GR ...
CVE-2021-46705A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE ...
CVE-2021-3418If certificates that signed grub are installed into db, grub can be bo ...
CVE-2020-15705GRUB2 fails to validate kernel signature when booted directly without ...
CVE-2019-14865A flaw was found in the grub2-set-bootflag utility of grub2. A local a ...
CVE-2017-9763The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013 ...
CVE-2015-8370Multiple integer underflows in Grub2 1.98 through 2.02 allow physicall ...
CVE-2015-5281The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ...
CVE-2013-4577A certain Debian patch for GNU GRUB uses world-readable permissions fo ...
CVE-2009-4128GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...

Security announcements

DSA / DLADescription
DSA-5519-1grub2 - security update
DLA-3605-1grub2 - security update
ELA-763-1grub2 - security update
ELA-760-1grub2 - security update
DLA-3190-2grub2 - security update
DLA-3190-1grub2 - security update
DSA-5280-1grub2 - security update
DSA-4867-1grub2 - security update
DSA-4735-2grub2 - regression update
DSA-4735-1grub2 - security update
DSA-3421-1grub2 - security update
DLA-368-1grub2 - security update

Search for package or bug name: Reporting problems