Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 40 results


CVE-2024-2312

Medium priority

Some fixes available 4 of 8

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Fixed Not affected Not affected Not affected Not affected
grub2-unsigned Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-1048

Medium priority
Not affected

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Not affected Not affected Not affected Not affected
grub2-unsigned Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-4001

Medium priority
Ignored

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Not affected Not affected Not affected Not affected
grub2-unsigned Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-4693

Medium priority

Some fixes available 9 of 15

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Fixed Fixed Fixed Needs evaluation Needs evaluation
grub2-unsigned Not affected Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2023-4692

Medium priority

Some fixes available 12 of 17

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Fixed Fixed Fixed Needs evaluation Needs evaluation
grub2-unsigned Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2022-28736

Medium priority

Some fixes available 6 of 12

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Fixed Vulnerable
grub2-unsigned Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2022-28735

Medium priority

Some fixes available 6 of 12

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Fixed Vulnerable
grub2-unsigned Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2022-28734

Medium priority

Some fixes available 6 of 12

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Fixed Vulnerable
grub2-unsigned Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2022-28733

Medium priority

Some fixes available 6 of 12

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Fixed Vulnerable
grub2-unsigned Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2022-3775

Medium priority

Some fixes available 7 of 12

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Fixed Needs evaluation
grub2-unsigned Not affected Fixed Fixed Fixed Needs evaluation
Show less packages