CVSSv2 4.9

CVE-2019-14865

Published: 29/11/2019 Updated: 06/02/2024
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

A flaw was found in the grub2-set-bootflag utility of grub2, a setuid-root helper that rewrites the GRUB environment file (grubenv) on behalf of unprivileged users. A local attacker could run this utility under resource pressure (for example by lowering a resource limit such as RLIMIT_FSIZE with ulimit or setrlimit(), since a caller's limits are inherited across the setuid execve()), causing the grub2 configuration file it rewrites to be truncated and leaving the system unbootable on subsequent reboots. The impact is availability only, which is why the vector below scores C:N/I:N/A:C.

Vulnerable Products

gnu grub2

Vendor Advisories

Synopsis: Moderate: grub2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for grub2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...

Mailing Lists

Hi, Summary: This message is about issues in grub-set-bootflag.c, commonly installed as grub2-set-bootflag, which is Red Hat's addition (not part of the upstream GRUB project) used at least in Fedora and RHEL and its downstreams. It is a SUID root program. I think its latest development source code is currently located in this branch: githu ...

Github Repositories

Tool to examine the behaviour of setuid binaries under constrained limits.

scanlimits: A tool to examine the behaviour of setuid binaries when constrained. If you set resource limits using setrlimit(), prlimit() or the ulimit shell builtin, then those limits apply even across a setuid execve(). To put it another way, any limits you apply to your current shell also apply to any setuid executables you run. Some developers find this surprising, and it c ...
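The mechanism behind the summary above and the scanlimits excerpt (a caller's resource limits survive a setuid execve(), so a lowered RLIMIT_FSIZE cuts short the helper's write and leaves the file it was rewriting truncated) can be reproduced without any setuid binary at all, because a process may lower its own soft limit. The C program below is an added example written for this page; it is not grub2-set-bootflag's code, not the bug reporter's, and not the scanlimits tool. It seeds a constructed grubenv-style file under /tmp (an assumed writable location), lowers its own soft RLIMIT_FSIZE to 16 bytes, and contrasts an in-place O_TRUNC rewrite with a write-to-temp-then-rename() variant. The file contents, file names and the rename-based hardening pattern are assumptions for illustration, not a description of the vendor's fix.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for a grubenv-style file (53 bytes each); contents,
 * file names and the /tmp location are assumptions made for this demo. */
const char *const kOrigEnv = "boot_success=0\nboot_indeterminate=0\nmenu_auto_hide=1\n";
const char *const kNewEnv  = "boot_success=1\nboot_indeterminate=0\nmenu_auto_hide=1\n";

/* Write all of buf, retrying short writes. Under RLIMIT_FSIZE the kernel returns
 * a short write up to the limit and then -1/EFBIG, so retrying cannot help. */
static int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        buf += n; len -= (size_t)n;
    }
    return 0;
}

/* Failure mode: O_TRUNC empties the live file before the new contents exist on
 * disk, so a write that cannot complete leaves a truncated config behind. */
int rewrite_in_place(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_TRUNC);
    if (fd < 0) return -1;
    int rc = write_all(fd, data, strlen(data)), saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Hardening pattern assumed for this demo (not the vendor's fix): write a temp
 * file beside the target, fsync, copy the target's mode, then rename() over it.
 * Any failure before rename() leaves the original byte-for-byte intact. */
int rewrite_atomic(const char *path, const char *data) {
    char tmp[4096]; struct stat st;
    if (stat(path, &st) != 0) return -1;
    snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    int ok = write_all(fd, data, strlen(data)) == 0 && fsync(fd) == 0 &&
             fchmod(fd, st.st_mode & 07777) == 0;
    int saved = errno;
    if (close(fd) != 0 && ok) { ok = 0; saved = errno; }
    if (ok && rename(tmp, path) != 0) { ok = 0; saved = errno; }
    if (!ok) { unlink(tmp); errno = saved; return -1; }
    return 0;
}

/* Run fn with the soft RLIMIT_FSIZE lowered to `limit` bytes (no privilege needed)
 * and SIGXFSZ ignored so write() reports EFBIG; with the default disposition
 * SIGXFSZ simply kills the process mid-rewrite, after O_TRUNC already ran. */
int run_under_fsize_limit(int (*fn)(const char *, const char *),
                          const char *path, const char *data, rlim_t limit) {
    struct rlimit old, lim;
    struct sigaction ign, prev;
    memset(&ign, 0, sizeof ign); ign.sa_handler = SIG_IGN;
    if (getrlimit(RLIMIT_FSIZE, &old) != 0 || sigaction(SIGXFSZ, &ign, &prev) != 0) return -1;
    lim = old; if (limit != RLIM_INFINITY) lim.rlim_cur = limit;
    if (setrlimit(RLIMIT_FSIZE, &lim) != 0) { sigaction(SIGXFSZ, &prev, NULL); return -1; }
    int rc = fn(path, data), saved = errno;
    setrlimit(RLIMIT_FSIZE, &old);
    sigaction(SIGXFSZ, &prev, NULL);
    errno = saved;
    return rc;
}

/* Seed a fresh grubenv with kOrigEnv, attempt the rewrite under `limit`, and
 * return how many bytes survived (-1 on setup error); *rc_out receives the
 * rewrite's return value and out the file's final contents. */
long run_scenario(int use_atomic, rlim_t limit, int *rc_out, char *out, size_t cap) {
    char path[] = "/tmp/grubenv-demo.XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0 || write_all(fd, kOrigEnv, strlen(kOrigEnv)) != 0 || close(fd) != 0) return -1;
    *rc_out = run_under_fsize_limit(use_atomic ? rewrite_atomic : rewrite_in_place,
                                    path, kNewEnv, limit);
    if ((fd = open(path, O_RDONLY)) < 0) return -1;
    ssize_t n = read(fd, out, cap - 1);   /* the file is tiny: one read suffices */
    close(fd);
    unlink(path);   /* a failed atomic attempt already unlinked its own temp file */
    if (n < 0) return -1;
    out[n] = '\0';
    return (long)n;
}

int main(void) {
    char buf[256]; int rc;
    long left = run_scenario(0, 16, &rc, buf, sizeof buf);
    printf("in-place, limit 16: rc=%d, %ld of %zu bytes left\n", rc, left, strlen(kOrigEnv));
    left = run_scenario(1, 16, &rc, buf, sizeof buf);
    printf("rename,   limit 16: rc=%d, %ld bytes left, intact=%d\n", rc, left, !strcmp(buf, kOrigEnv));
    left = run_scenario(1, RLIM_INFINITY, &rc, buf, sizeof buf);
    printf("rename,   no limit: rc=%d, %ld bytes, updated=%d\n", rc, left, !strcmp(buf, kNewEnv));
    return 0;
}
```

Build with `cc -o grubenv-demo grubenv-demo.c` and run it as an ordinary user: the in-place variant leaves a 16-byte fragment of the new contents, the rename variant leaves the original 53 bytes untouched, and without a limit the rename variant installs the new contents. SIGXFSZ is ignored only inside run_under_fsize_limit so that write() returns EFBIG; in a real setuid helper with the default disposition the process is terminated at that point, after O_TRUNC has already emptied the file, which is the quieter outcome a victim sees at the next boot. The rename pattern is only atomic when the temp file lives on the same filesystem as the target, and a setuid helper can alternatively reset the inherited limits with setrlimit() before writing; either way, checking every write() return value is what turns silent truncation into a reported error.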