CVE-2019-14865
Published: 29 November 2019
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
Notes
Author | Note |
---|---|
mdeslaur | this issue is in a Red Hat-specific patch |
Priority
Status
Package | Release | Status |
---|---|---|
grub2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
disco |
Not vulnerable
(code not present)
|
|
eoan |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Not vulnerable
(debian: Red Hat-specific patch)
|
|
xenial |
Not vulnerable
(code not present)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |