RHSA-2021:0699-01 -- Redhat grub2ID: oval:org.secpod.oval:def:505923 | Date: (C)2021-03-08 (M)2022-10-27 |
Class: PATCH | Family: unix |
The grub2 packages provide version 2 of the Grand Unified Boot Loader , a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix: * grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled * grub2: Use-after-free in rmmod command * grub2: Out-of-bounds write in grub_usb_device_initialize * grub2: Stack buffer overflow in grub_parser_split_cmdline * grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled * grub2: Heap out-of-bounds write in short form option parser * grub2: Heap out-of-bounds write due to miscalculation of space required for quoting For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 7 |